- CSRC Home
- Projects / Research
- news & events
In response to HSPD 12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12, approved by the Secretary of Commerce, and issued on February 25, 2005.
FIPS 201 incorporates three technical publications specifying several aspects of the required administrative procedures and technical specifications that may change as the standard is implemented and used. NIST Special Publication 800-73, "Interfaces for Personal Identity Verification" specifies the interface and data elements of the PIV card; NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification" specifies the technical acquisition and formatting requirements for biometric data of the PIV system; and NIST Special Publication 800-78, "Cryptographic Algorithms and Key Sizes for Personal Identity Verification" specifies the acceptable cryptographic algorithms and key sizes to be implemented and used for the PIV system.
In addition, a number of guidelines, reference implementations, and conformance tests have been identified as being needed to: implement and use the PIV system; protect the personal privacy of all subscribers of the PIV system; authenticate identity source documents to obtain the correct legal name of the person applying for a PIV "card"; electronically obtain and store required biometric data (e.g., fingerprints, facial images) from the PIV system subscriber; create a PIV "card" that is "personalized" with data needed by the PIV system to later grant access to the subscriber to Federal facilities and information systems; assure appropriate levels of security for all applicable Federal applications; and provide interoperability among Federal organizations using the standards. These activities will be pursued as resources permit.
NIST announced the release of Special Publication 800-78-1 (updated 11/2013 - SP 800 78-1 has been superseded by SP 800-78-3), Cryptographic Algorithms and Key Sizes for Personal Identity Verification on August 2nd, 2007. NIST has added a clarification regarding the effective date of this document.
NIST is pleased to announce the release of Special Publication 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. The document has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency's Suite B Cryptography. In addition, a new cryptographic migration timeline has been developed based on advances in cryptoanalysis of algorithms as well as operational deployment considerations.
NIST is pleased to announce release of an improved version of the PIV Data Generator. The Data Generator is intended as a reference implementation that facilitates creation of PIV test data objects. The data generator can be used to generate PIV test data that is conformant to the data requirements set forth in FIPS 201, SP 800-73, SP 800-76, and SP 800-78. Developers and integrators are welcome to use the reference utility and its generated data objects in test environments. The data generator has been enhanced to allow dynamic data production, include test data assertion, and be conformant to the PIV Data Model Tester. The Data Loader utility can be used to load the test data on to PIV conformant cards. These reference implementation aids are available at the Downloadable PIV Software site.
NIST is pleased to announce the publication of Special Publication 800-104, A Scheme for PIV Visual Card Topography. This document provides additional recommendations on the Personal Identity Verification (PIV) Card color-coding for designating employee affiliation. This document is intended to refine FIPS 201 to enable reliable visual verification of the PIV Card.
NIST is pleased to announce the release of a reference implementation of SP 800-73-1. The reference implementation includes a software simulation of a PIV card and an implementation of the End-Point Client Application Programming Interface. NIST has also developed mandatory functions of a PIV Card application on a Basic Card. The source code and binaries for both are available at the Downloadable PIV Software site.
The National Institute of Standards and Technology (NIST) will conduct a feasibility study of Secure Biometric Match-On-Card (SBMOC) technology, and invites providers of such technology to submit devices to be tested. The goal of the feasibility study is to determine if the state-of-the-practice in smart card products and biometrics technology have advanced to enable a new mode of operation. To implement this mode, certain functional and security properties must be achieved by the SBMOC technology while meeting performance requirement for a biometric authentication transaction. Complete technical requirements are presented in the Test Approach document.
Submission providers should complete and transmit the Intention to Participate form to NIST by 20 Jul 2007. Providers may transmit a submission package to NIST, as described in Materials Transfer Agreement, at any time before 20 Aug 2007.
On completion of the tests, NIST will publish a report indicating the number of successful submissions tested, and certain general qualities of the submissions stated in the Test Approach.
The presentation from the Secure Biometrics Match-on-Card Workshop has been posted.