Date Published: December 2015
Comments Due:
Email Questions to:
Author(s)
Hildegard Ferraiolo (NIST), David Cooper (NIST), Nabil Ghadiali (National Gallery of Art), Jason Mohler (Electrosoft Services), Vincent Johnson (Electrosoft Services), Steven Brady (Electrosoft Services)
Announcement
NIST announces the release of Draft Special Publication (SP) 800-116 Revision 1, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS), and requests public comments. It provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in federal facilities. The document also recommends a risk-based approach for selecting appropriate PIV authentication mechanisms to manage physical access to federal government facilities and assets.
Revision 1 updates SP 800-116 to align with FIPS 201-2. High-level changes include:
- Addition of the OCC-AUTH authentication mechanisms introduced in FIPS 201-2.
- In light of the deprecation of the CHUID authentication mechanism in FIPS 201-2 and its expected removal in the next revision of FIPS 201:
- Removal of the CHUID +VIS authentication mechanism from the list of recommended authentication mechanisms.
- Addition of a new section (5.3.1) titled "Migrating Away from the Legacy CHUID Authentication Mechanism" to aid in the transition away from the CHUID + VIS authentication mechanism.
- In coordination with OMB, added text indicating that the use of the CHUID authentication mechanism past September 2019 requires the official that signs an Authorization to Operate (ATO) to indicate acceptance of the risks.
- Addition of a new appendix titled "Improving Authentication Transaction Times" to aid transiting away from the weak CHUID authentication mechanism to stronger but computationally expensive cryptographic one-factor authentication (PKI-CAK).
- Addition of a new section (5.4) titled "PIV Identifiers" and a summary table with pro and cons to describe the identifiers available on the PIV Card that can map to a PACS's access control list.
- In coordination with the Interagency Security Committee (ISC), replaced the Department of Justice's "Vulnerability Assessment Report of Federal Facilities" document with the ISC's document titled "Risk Management Process for Federal Facilities" to aid deriving the security requirement for facilities.
This recommendation provides a technical guideline to use Personal Identity Verification (PIV) Cards in physical access control systems (PACS), enabling federal agencies to operate as government-wide interoperable enterprises. This recommendation covers the risk-based strategy to select appropriate PIV authentication mechanisms as expressed within Federal Information Processing Standard (FIPS) 201-2.
This recommendation provides a technical guideline to use Personal Identity Verification (PIV) Cards in physical access control systems (PACS), enabling federal agencies to operate as government-wide interoperable enterprises. This recommendation covers the risk-based strategy to select appropriate...
See full abstract
This recommendation provides a technical guideline to use Personal Identity Verification (PIV) Cards in physical access control systems (PACS), enabling federal agencies to operate as government-wide interoperable enterprises. This recommendation covers the risk-based strategy to select appropriate PIV authentication mechanisms as expressed within Federal Information Processing Standard (FIPS) 201-2.
Hide full abstract
Keywords
e-authentication; identity assurance level; identity credential; issuance; PACS; PIV authentication mechanisms; PIV cards; PKI; credential; validation
Control Families
Access Control; Identification and Authentication; Physical and Environmental Protection; Planning; Personnel Security
