Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-73-5 (Initial Public Draft)

Interfaces for Personal Identity Verification: Part 1 – PIV Card Application Namespace, Data Model and Representation

Date Published: September 27, 2023
Comments Due: December 8, 2023 (public comment period is CLOSED)
Email Questions to: piv_comments@nist.gov

Planning Note (11/14/2023):

The public comment period was extended to December 8, 2023.


Author(s)

Hildegard Ferraiolo (NIST), Ketan Mehta (NIST), Salvatore Francomacaro (NIST), Sarbari Gupta (Electrosoft Services)

Announcement

In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201 and are now available for public comment.

SP 800-73-5: Parts 1–3 ipd (Initial Public Draft)

SP 800-73-5: Parts 1–3 ipd, Interfaces for Personal Identity Verification, describes the technical specifications for using the PIV cards including a PIV data model (Part 1), card edge interface (Part 2), and application programming interface (Part 3). Major changes to the documents include:

  • Removal of the previously deprecated CHUID authentication mechanism
  • Deprecation of the SYM-CAK and VIS authentication mechanisms
  • Addition of an optional 1-factor secure messaging authentication mechanism (SM-Auth) for contactless interfaces for facility access applications
  • Additional use of the facial image biometric for general authentication via BIO and BIO-A authentication mechanisms
  • Restriction on the number of consecutive activation retries for each of the activation methods (i.e., PIN and OCC attempts) to be 10 or less
  • SP 800-73-5: Part 3 on PIV Middleware specification marked as optional to implement

We encourage you to use this comment template to record and organize your comments on the SP 800-73-5 parts.

Also see SP 800-78-5 ipd.

Submit Comments

The comment period for these drafts is open through December 8, 2023 November 15, 2023. See the publication details (linked above) to download the drafts and comment templates. Comments and inquiries should be sent to piv_comments@nist.gov.

Workshop

NIST hosted a Personal Identity Verification Webinar on November 8, 2023, to discuss both SP 800-73-5 ipd and SP 800-78-5 ipd.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Abstract

Keywords

authentication; FIPS 201; identity credential; logical access control; on-card biometric comparison; Personal Identity Verification (PIV); physical access control; smart cards; secure messaging
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-73pt1-5.ipd
Download URL

Supplemental Material:
Comment template (xlsx)

Related NIST Publications:
SP 800-73-5 (Draft)
SP 800-73-5 (Draft)

Document History:
09/27/23: SP 800-73-5 (Draft)
07/15/24: SP 800-73-5 (Final)

Topics

Security and Privacy

Personal Identity Verification

Technologies

smart cards

Laws and Regulations

Homeland Security Presidential Directive 12