Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FIPS 201-3 Approved and Published: NIST Revises Personal Identity Verification (PIV) of Federal Employees and Contractors
January 24, 2022

NIST is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.)

FIPS 201-3 addresses the comments received during the public comment period in November 2020.
High-level changes include:

  • Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services
  • Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials
  • Focus on the use of federation to facilitate interoperability and interagency trust
  • Addition of supervised remote identity proofing processes
  • Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS)
  • Support for the secure messaging authentication mechanism (SM-AUTH)

A detailed list of changes is available in FIPS 201-3, Appendix E, Revision History, and this matrix includes public comments received on the November 2020 draft, and their resolutions.

Federal Register Notice

Document Number: 2022-01246

Parent Project

See: Personal Identity Verification
Created January 20, 2022, Updated January 24, 2022