Personal Identity Verification of Federal Employees and Contractors PIV

SP 800-116 Revision 1 High-level Change Summary

NIST SP 800-116 has been updated to Revision 1 to align with FIPS 201-2. High-level changes include:

  • Update to section 4.4 (previously section 7.1) to reflect the FIPS 201-2 requirements for credential validation.
  • Reflection of the FIPS 201-2 deprecation of the CHUID authentication mechanism throughout the document.
  • Reflection of the downgrade of the VIS authentication mechanism to “LITTLE or NO” confidence in the cardholder’s identity.
  • Removal of the CHUID + VIS authentication mechanism from the list of recommended authentication mechanisms.
  • Addition of a new appendix titled “Improving Authentication Transaction Times” to improve the computationally expensive PKI one-factor authentication mechanism (i.e., PKI-CAK).
  • Addition of the OCC-AUTH as a two-factor authentication mechanism introduced in FIPS 201-2.
  • Removal of Section 9 titled “Migration Strategy” as implementations have matured and are more advanced.
  • Removal of Section 10 titled “Future Topics”. FIPS 201-2 and associated special publications have addressed these future topics.
  • Addition of a new Section (6.1) titled “PIV Identifiers” and a summary table with pros and cons to describe the identifiers available on the PIV Card that can map to a PACS’s access control list.
  • Expansion of authentication in context to allow context provided by physical measures that prevent more than one person from passing through an access point (e.g., turnstiles, gates) after each authentication. This is in addition to authentication in context where PACS can store and recall recent access control decisions.
  • Addition of a new Section (6.7) titled “PACS and ICAM Infrastructure” to describe PACS as part of an integrated ICAM infrastructure.
  • In coordination with the Interagency Security Committee (ISC), replaced the Department of Justice’s “Vulnerability Assessment Report of Federal Facilities” document with the ISC’s document titled “Risk Management Process for Federal Facilities” to aid in deriving the security requirement for facilities.

A comprehensive list of changes is located in Appendix I, Revision History, of SP 800-116 Revision 1.

Created May 24, 2016, Updated January 04, 2024