NIST releases second draft of federal ID credential security standard for comment

Jul 11, 2012
NIST has released the second-round draft version of its updated security standard for identity credentials in PIV cards. Credit: Talbott/NIST

The National Institute of Standards and Technology (NIST) has released the second-round draft version of its updated security standard for identity credentials in the Personal Identity Verification cards (PIV cards) that all federal employees and contractors must use. NIST is requesting comments from the public on the document, which is intended to be the last draft before the final version is published.

The document is the next step toward updating Federal Standard (FIPS) 201, which was published in February 2005. Among its requirements are that all PIV cards contain an integrated circuit chip for storing , a and protected biometric data—a printed photograph and two electronically stored fingerprints.

According to NIST computer security researcher Hildegard Ferraiolo, the update was anticipated from the start. "The original FIPS 201 indicates the standard should be reviewed after five years to see if changes need to be made," says Ferraiolo. "After implementing the standard, federal departments and agencies learned a number of lessons that, combined with technological changes over the years, made an update worthwhile."

Ferraiolo says the update will not require anyone to replace their current PIV card, but will make the new cards, based on the revised specification, more flexible and effective. Among the numerous improvements in the revised draft are the abilities to:

  • Update a card's credentials remotely without the need to appear in person at the issuer site, a change that should create significant cost savings.
  • Create additional credential(s) for use on mobile devices such as smart phones.
  • Offer additional capabilities, such as secure messaging and on-card fingerprint comparison, to provide more flexibility in selecting the appropriate level of security for federal applications that use the PIV card for authentication.

Explore further: Movie world fears for freedom of speech as N.Korea parody pulled

More information: Comments on the revised draft of FIPS 201 will be incorporated and targeted to be published as the final version, to be entitled FIPS 201-2. The document, Personal Identity Verification of Federal Employees and Contractors, is available at csrc.nist.gov/publications/PubsFIPS.html.

add to favorites email to friend print save as pdf

Related Stories

Software Helps Developers Get Started with PIV Cards

Jul 10, 2008

The National Institute of Standards and Technology has developed two demonstration software packages that show how Personal Identity Verification (PIV) cards can be used with Windows and Linux systems to perform ...

NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST ...

Improving Security of Handheld IT Devices

Aug 29, 2005

Handheld devices such as personal digital assistants are becoming indispensable tools for today’s highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending ...

NIST proposes update to digital signature standard

Apr 18, 2012

The National Institute of Standards and Technology (NIST) has announced proposed changes to a standard that specifies how to implement digital signatures, which can be used to ensure the integrity of electronic documents, ...

Recommended for you

Study reveals mature motorists worse at texting and driving

20 hours ago

A Wayne State University interdisciplinary research team in the Eugene Applebaum College of Pharmacy and Health Sciences has made a surprising discovery: older, more mature motorists—who typically are better drivers in ...

Napster co-founder to invest in allergy research

Dec 17, 2014

(AP)—Napster co-founder Sean Parker missed most of his final year in high school and has ended up in the emergency room countless times because of his deadly allergy to nuts, shellfish and other foods.

LA mayor plans 7,000 police body cameras in 2015

Dec 16, 2014

Mayor Eric Garcetti announced a plan Tuesday to equip 7,000 Los Angeles police officers with on-body cameras by next summer, making LA's police department the nation's largest law enforcement agency to move ...

Merriam-Webster names 'culture' word of the year

Dec 15, 2014

A nation, a workplace, an ethnicity, a passion, an outsized personality. The people who comprise these things, who fawn or rail against them, are behind Merriam-Webster's 2014 word of the year: culture.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.