NIST SP 800-79-1

From IDESG Wiki
Jump to: navigation, search

Title: Guidelines for the Accreditation of Personal Identity Verification Card Issuers


Category: Security Assessment Guide


Date: February 2010


Creator: NIST


URL: http://csrc.nist.gov/publications/nistpubs/800-79-1/SP800-79-1.pdf


Description: Survey of the requirements to be met by a PIV Card Issuer (PCI) and an accreditation methodology for ensuring their conformance with those requirements. Accreditation topics include organizational readiness, security management and data protection, infrastructure elements and processes.


Privacy: The security management and data protection accreditation topic includes confirmation that privacy requirements from FIPS 201 are satisfied. This document does not add privacy requirements but provides guidelines for assessing conformance to those requirements. Privacy related documents required during the accrediation process include the privacy policy, privacy impact analysis, system of record notice, privacy act statement, rules of conduct and documented processes for requests to review personal information, requests to amend personal information, appeals and complaints.


Security: Provides a structure for confirming that the PIV Card Issuer meets security obligations and requirements.


Interoperability: Supports interoperable use of PIV cards by providing a common baseline of security assurance in the issuance process.


Terms: