NIST SP 800-79-1

From IDESG Wiki
m (2 revisions imported: Initial Upload of old pages from IDESG Wiki)
 

Latest revision as of 04:02, 28 June 2018

Title: Guidelines for the Accreditation of Personal Identity Verification Card Issuers


Category: Security Assessment Guide


Date: February 2010


Creator: NIST


URL: http://csrc.nist.gov/publications/nistpubs/800-79-1/SP800-79-1.pdf


Description: Survey of the requirements to be met by a PIV Card Issuer (PCI) and an accreditation methodology for ensuring their conformance with those requirements. Accreditation topics include organizational readiness, security management and data protection, infrastructure elements and processes.


Privacy: The security management and data protection accreditation topic includes confirmation that privacy requirements from FIPS 201 are satisfied. This document does not add privacy requirements but provides guidelines for assessing conformance to those requirements. Privacy-related documents required during the accreditation process include the privacy policy, privacy impact analysis, system of record notice, privacy act statement, rules of conduct and documented processes for requests to review personal information, requests to amend personal information, appeals and complaints.


Security: Provides a structure for confirming that the PIV Card Issuer meets security obligations and requirements.


Interoperability: Supports interoperable use of PIV cards by providing a common baseline of security assurance in the issuance process.


Terms: