Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-157 Rev. 1 (Final Public Draft)

Guidelines for Derived Personal Identity Verification (PIV) Credentials

Date Published: November 14, 2024
Comments Due: January 10, 2025
Email Comments to: piv_comments@nist.gov

Author(s)

Hildegard Ferraiolo (NIST), Andrew Regenscheid (NIST), James Fenton (Altmode Networks)

Announcement

This draft of SP 800-157r1 incorporates all comment resolutions since the initial public draft (ipd) was posted in 2023 [see comments received on the ipd]. The final public draft details the expanded set of derived PIV credentials in a variety of form factors and authenticator types, as envisioned in OMB Memoranda M-19-17 and M-22-09 and subsequently outlined in FIPS 201-3. The cross-domain and interagency use of these credentials is provided by federation protocols outlined in the final public draft of SP 800-217Guidelines for PIV Federation. Both documents are closely aligned with the recently published second public draft of SP 800-63-4Digital Identity Guidelines. NIST hopes that this final draft document enables a close alignment with new and emerging digital authentication and federation technologies employed in the Federal Government while maintaining a strong security posture.

Submit Your Comments

The public comment period for the final public draft is open through January 10, 2025. Comments should be submitted to piv_comments@nist.gov. Reviewers are encouraged to comment on all or parts of the publication using this comment template. Comments received in response to this request will be posted online after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. Please direct questions and comments to piv_comments@nist.gov.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Abstract

Keywords

authentication; credentials; derived PIV credentials; electronic authentication; electronic credentials; mobile devices; personal identity verification; PIV
Control Families

None selected