Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NIST Released Draft Special Publication 800-85A-4, PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
June 08, 2015

NIST announces that Draft Special Publication (SP) 800-85A-4PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance), is now available for public comment. This document provides derived test requirements and test assertions for testing PIV Middleware and PIV Card Applications for conformance to specifications in SP 800-73-4, Interfaces for Personal Identity Verification. The document has been updated to include additional tests necessary to test the new features added to the PIV Data Model and card interface as well as to the PIV Middleware in SP 800-73-4 Parts 1, 2, and 3.

These include:

  • Tests for retrieving newly added optional PIV data objects such as the Biometric Information Templates Group Template data object, the Pairing Code Reference Data Container and the Secure Messaging Certificate Signer data object,
  • Tests for populating these newly added data objects in the PIV Card Application,
  • Tests to verify the on-card biometric comparison mechanism,
  • Tests to verify the correct behavior of secure messaging and the virtual contact interface and,
  • Tests to verify that the PIV Card Application enforces PIN length and format requirements.

Federal agencies and private organizations, including test laboratories as well as individuals, are invited to review the draft guidelines and submit comments to NIST by email to pivtesting@nist.gov with "Comments on Draft SP 800-85A-4" in the subject line. Comments should be submitted using the comment template (see link below - Excel spreadsheet). The comment period closes at 5:00pm EDT on July 10, 2015.

Created December 21, 2016, Updated April 25, 2017