FIPS 201-2

From IDESG Wiki
Revision as of 00:25, 24 August 2020 by Tomjones

Title: Personal Identity Verification (PIV) of Federal Employees and Contractors


Category: Credential Requirements Specification


Date: 7/9/2012


Creator: NIST


URL: http://csrc.nist.gov/publications/drafts/fips201-2/draft_nist-fips-201-2_revised.pdf


Description: Specifies the architectural and technical requirements for the Personal Identity Verification (PIV) card system for Federal employees and contractors. The document provides requirements in the area of identity proofing, registration and issuance, as well as credential lifecycle and management requirements. Further NIST documents incorporated by reference are SP 800-73, Interfaces for PIV; SP 800-76, Biometric Data Specification for PIV; SP 800-78, Cryptographic Algorithms and Key Sizes for PIV; SP 800-79, Guidelines for the Accreditation of PIV Card Issuers; SP 800-87, Codes for the Identification of Federal and Federally-Assisted Organizations; SP 800-96, PIV Card to Reader Interoperability Guidelines; SP 800-156, Representation of PIV Chain-of-Trust for Import and Export; and SP 800-157, Guidelines for PIV Derived Credentials.


Privacy: Protection of personal privacy is an explicit objective of the PIV system, taken directly from HSPD-12. Agencies or departments issuing PIV cards are required to assign a privacy official; conduct Privacy Impact Assessments; identify the information collected, including its purpose, protection and disclosure policy; restrict access to PII; and define consequences for violating the privacy policies. Technology must permit continuous auditing of compliance with privacy policies. The standard permits card issuers to maintain a documentary chain-of-trust for collected identification data; this will contain PII, which must be protected and disposed of according to agency policy.


Security:


Interoperability: The purpose of the standard is to promote interoperability among PIV system components, across departments and agencies and across installations.


Terms: Access Control, Applicant, Application, Architecture, Asymmetric Keys, Authentication, Biometric, Biometric Information, Capture, Cardholder, Card Management System, Certificate Revocation List, Certification, Certification Authority, Chain-of-trust, Comparison, Component, Conformance Testing, Credential, Cryptographic Key, Authentication Assurance Level, Federal Agency Smart Credential Number, Federal Information Processing Standards, Hash Function, Identification, Identifier, Identity, Identity Proofing, Identity Registration, Identity Verification, Interoperability, Issuer, Match, Model, Off-card, On-card, On-card Comparison, Online Certificate Status Protocol, Path Validation, Personally Identifiable Information, Personal Identification Number, Personal Identity Verification Card, PIV Assurance Level, Private Key, Pseudonyms, Public Key, Public Key Infrastructure, PKI-Card Authentication Key, PKI-PIV Authentication Key, Recommendation, Symmetric Key, Validation