NIST SP 800-79-1

From IDESG Wiki
Revision as of 04:02, 28 June 2018 by Omaerz (Talk | contribs) (2 revisions imported: Initial Upload of old pages from IDESG Wiki)


Title: Guidelines for the Accreditation of Personal Identity Verification Card Issuers

Category: Security Assessment Guide

Date: February 2010

Creator: NIST


Description: Survey of the requirements to be met by a PIV Card Issuer (PCI) and an accreditation methodology for ensuring their conformance with those requirements. Accreditation topics include organizational readiness, security management and data protection, infrastructure elements and processes.

Privacy: The security management and data protection accreditation topic includes confirmation that privacy requirements from FIPS 201 are satisfied. This document does not add privacy requirements but provides guidelines for assessing conformance to those requirements. Privacy-related documents required during the accreditation process include the privacy policy, privacy impact analysis, system of record notice, privacy act statement, rules of conduct, and documented processes for requests to review personal information, requests to amend personal information, appeals, and complaints.

Security: Provides a structure for confirming that the PIV Card Issuer meets security obligations and requirements.

Interoperability: Supports interoperable use of PIV cards by providing a common baseline of security assurance in the issuance process.