
Announcements

NIST Announcements

POSTED October 22, 2009: Release of Partial CSP Version 1.3 Software

NIST is pleased to announce the release of a reference implementation of a Partial CSP Version 1.3, Cryptographic Service Provider for Windows Logon. This existing PIV demonstration software is updated to decompress zipped certificates that are available on production PIV Cards. With this update, the CSP can be used to demonstrate Windows XP Logon with production PIV Cards. Note that this CSP does NOT implement all functions required of a production CSP. Please use the accompanying documentation to install the CSP and configure the Windows XP operating system.


POSTED October 6, 2009: NIST Draft Special Publication 800-78-2 Cryptographic Algorithms and Key Sizes for Personal Identity Verification (PIV) has been Released

NIST is pleased to announce the release of Draft Special Publication 800-78-2, Cryptographic Algorithms and Key Sizes for Personal Identity Verification (PIV). The document has been modified 1) to re-align with the Suite B Cryptography specification and with the recently published FIPS 186-3 and 2) to eliminate a redundant encryption mode for symmetric PIV authentication protocols. In particular, the following changes are introduced in draft SP 800-78-1:

  • The National Security Agency's Suite B Cryptography specification removed Elliptic Curve MQV as an NSA-approved key exchange method. To re-align with Suite B, Elliptic Curve MQV is discontinued in Draft SP800-78-2 as a key agreement scheme for the PIV card.
  • The final release of FIPS 186-3 Digital Signature Standard, published in June 2009, does not list RSA 4096 as an approved digital signature algorithm and key size for use in the federal government. To comply with FIPS 186-3, draft SP 800-78-2 accordingly removes RSA 4096 as an algorithm and key size for generating signatures for PIV data objects.
  • For symmetric authentication purposes (challenge and response), the Cipher Block Chaining (CBC) mode of encryption is redundant with the Electronic Code Book (ECB) mode of encryption. To remove the redundant implementation, CBC has been discontinued in draft SP 800-78-1.

The changes are incorporated in the document as well as in a track-change version. Comments should be submitted to piv_comments@nist.gov with "Comments on SP800-78-2" in the subject line using the Comments Template Form (Excel Spreadsheet). The comment period closes at 5:00 EST on November 12, 2009.

POSTED September 11, 2009: NIST Draft Special Publication SP 800-85B-1 PIV Data Model Conformance Test Guidelines

NIST has produced a revised version of NIST Special Publication SP 800-85B PIV Data Model Conformance Test Guidelines. The revisions include additional tests necessary to test the optional features added to the PIV Data Model in SP 800-73-2 Part 1 and update tests to conform to the cryptographic migration timeline specified in SP 800-78-1. A short summary of the changes is available here. This document, after a review and comment period, will be published as NIST SP 800-85B-1. Federal agencies and private organizations, including test laboratories, as well as individuals are invited to review the draft Guidelines and submit comments to NIST by sending them to piv_comments@nist.gov with "Comments on Public Draft SP 800-85B-1" in the subject line. Comments should be submitted using the comment template (Excel spreadsheet). The comment period closes at 5:00 EST (US and Canada) on September 24, 2009. All comments will be analyzed, consolidated, and used in revising the draft Guidelines before final publication.

POSTED August 14, 2009: The National Institute of Standards and Technology (NIST) is pleased to announce the release of NIST Interagency Report 7611, Use of ISO/IEC 24727 -- Service Access Layer Interface for Identity (SALII): support for development and use of interoperable identity credentials

The Interagency Report details properties and capabilities of ISO/IEC 24727 to achieve identity credential interoperability, enabling client applications to access identity credentials from different issuers. Specifically, the document explores this new standard by discussing existing Federal identity credentials, such as PIV, and the PIV application demonstrations developed by NIST. The capabilities of ISO/IEC 24727 are illustrated through a proof-of-concept scenario in which the PIV Card interacts with applications (Windows Logon, Linux Logon, Email Signing and Encryption) through the ISO/IEC 24727 framework, thus achieving credential independence from the client application.

The document provides a high-level discussion and strives to minimize technical details. An additional publication elaborating the technical discussion, including an ISO/IEC 24727 reference implementation, will be provided after the proof-of-concept implementation.


POSTED August 13, 2009: NIST Releases Draft Special Publication 800-73-3, Interfaces for Personal Identity Verification

NIST announces that Draft Special Publication (SP) 800-73-3, Interfaces for Personal Identity Verification, has been released for public comment. Draft SP 800-73-3 introduces new, optional features including:

(1) on-card retention of retired Key Management keys and corresponding X.509 certificates for the purpose of deriving or decrypting data encryption keys;

(2) use of the ECDH key establishment scheme with the Key Management Key, as specified in SP 800-78-1; and

(3) provisions for Non-Federal Issuer (NFI) credentials.

Draft SP 800-73-3 also includes editorial changes aimed at clarifying ambiguities.

Except for minor editorial changes, all changes can be reviewed in the track-change version of Draft SP 800-73-3 (link provided above).

NIST requests comments on draft SP 800-73-3 by 5:00pm EDT on September 13, 2009. Please submit your comments, using the comment template form, to PIV_comments@nist.gov with "Comments on Public Draft SP 800-73-3" in the subject line.


POSTED April 3, 2009: NIST Special Publication 800-85A-1 PIV Card Application and Middleware Interface Test Guidelines (SP800-73-2 Compliance)

NIST is pleased to announce the release of SP800-85A-1 PIV Card Application and Middleware Interface Test Guidelines (SP800-73-2 Compliance). This document provides Derived Test Requirements (DTR) and Test Assertions (TA) for testing the PIV Card Application and the PIV Middleware interfaces for conformance to the specifications in SP 800-73-2 (Interfaces for Personal Identity Verification). The document is a revision of the earlier version (March 2006), which reflected the TAs and DTRs from the superseded SP 800-73-1, 2006 Edition. The new SP 800-85A-1 is based on the TAs and DTRs from SP 800-73-2 (September 2008 Edition) and includes the additional tests necessary to test some of the optional features added to the PIV Data Model and Card Interface, as well as the PIV Middleware, through the specifications in SP 800-73-2 Parts 1, 2 and 3. A short summary of the changes is available here.


POSTED February 6, 2009: NIST Draft Special Publication SP 800-85A-1 "PIV Card Application and Middleware Interface Test Guidelines (SP800-73-2 compliance)"

NIST has a revised version of NIST Special Publication SP 800-85A "PIV Card Application and Middleware Interface Test Guidelines (SP800-73 compliance)". The revised document is titled Draft SP800-85A-1 "PIV Card Application and Middleware Interface Test Guidelines (SP800-73-2 compliance)" and is posted on the Computer Security Resource Center Web site (www.csrc.nist.gov). The revisions include the additional tests necessary to test some of the optional features added to the PIV Data Model and Card Interface, as well as the PIV Middleware, through the specifications in SP 800-73-2 Parts 1, 2 and 3. A short summary of the changes is available here. This document, after a review and comment period, will be published as NIST SP 800-85A-1. Federal agencies and private organizations, including test laboratories, as well as individuals are invited to review the draft Guidelines and submit comments to NIST by sending them to PIVtesting@NIST.gov with "Comments on Public Draft SP 800-85A-1" in the subject line. Comments should be submitted using the comment template (Excel spreadsheet). The comment period closes at 5:00 EST (US and Canada) on February 28, 2009. All comments will be analyzed, consolidated, and used in revising the draft Guidelines before final publication.