In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the issuance and use of Personal Identity Verification (PIV) Credentials, including the credentials on PIV Cards and the derived PIV credentials on alternate form factors. NIST Special Publication (SP) 800-79 has subsequently been revised to align with FIPS 201 and is now available for public comment.
The initial public draft (ipd) of SP 800-79r3 (Revision 3), Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers, provides appropriate and useful guidelines for assessing the reliability of PIV Card and derived PIV credential issuers. The major changes for this revision encompass:
Updates to issuer controls based on Revision 3 of FIPS 201, specifically to:
Add controls for supervised remote identity proofing
Account for the inclusion of PIV identity accounts
Updates to issuer controls for derived PIV credentials based on SP 800-157r1, Guidelines for Derived PIV Credentials, specifically to add controls for non-PKI-based credentials issued at authentication assurance level (AAL) 2 or 3
Updates to issuer controls based on the adjudicative guidelines update for PIV credential eligibility issued by the Office of Personnel Management (OPM)
The comment period for SP 800-79r3 ipd is open through January 29, 2024. See the publication details for a copy of the draft. We encourage you to use the comment template provided there and submit comments and inquiries to piv_comments [at] nist.gov (piv_comments[at]nist[dot]gov).
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publi ..
Support the originator by clicking the read the rest link below.
