Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NIST Releases SP 800-85A-4, PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)
April 13, 2016

Special Publication (SP) 800-85A-4 provides derived test requirements and test assertions for testing PIV Middleware and PIV Card Applications for conformance to specifications in SP 800-73-4, Interfaces for Personal Identity Verification, and SP 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. The document has been updated to include additional tests necessary to test the new features added to the PIV Data Model and card interface as well as to the PIV Middleware in SP 800-73-4 Parts 1, 2, and 3.

These include:

  • Tests for retrieving newly added optional PIV data objects such as the Biometric Information Templates Group Template data object, the Pairing Code Reference Data Container and the Secure Messaging Certificate Signer data object;
  • Tests for populating these newly added data objects in the PIV Card Application;
  • Tests to verify the on-card biometric comparison mechanism;
  • Tests to verify the correct behavior of secure messaging and the virtual contact interface; and
  • Tests to verify that the PIV Card Application enforces PIN length and format requirements.
Created December 21, 2016, Updated May 15, 2017