Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-79 Rev. 3 (Initial Public Draft)

Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers

Date Published: December 13, 2023
Comments Due: January 29, 2024 (public comment period is CLOSED)
Email Questions to:


Hildegard Ferraiolo (NIST), Andrew Regenscheid (NIST), Sarbari Gupta (Electrosoft Services), Nabil Ghadiali (Electrosoft Services)


NIST SP 800-79r3 ipd, Guidelines for the Authorization of PIV Card and Derived PIV Credential Issuers, expands the set of issuer controls to include new and updated requirements from FIPS 201-3, its supporting updated publications (e.g., SP 800-157r1, SP 800-76r2, etc.) and newly-issued OMB Memoranda aimed at achieving compliance with federal requirements with regard to identity proofing and the issuance of a common and reliable form of a primary and derived identity credential.

NIST is specifically interested in comments on and recommendations for the following topics:

  1. Are the new and updated controls for identity proofing and the issuance and maintenance of PIV Cards and derived PIV credentials clear and practical to implement?
  2. Is it easy to determine where the updated controls need to be implemented (i.e., at the enterprise level, issuing facility level, or both)?
  3. Are the new controls for derived PIV credentials sufficient to provide comparable assurance for PIV Cards?

NIST requests that all comments be submitted by 11:59 p.m. Eastern Standard Time (EST) on January 29, 2024. Please submit comments to NIST will review all comments and make them available on CSRC. Commenters are encouraged to use this comment template.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy  Inclusion of Patents in ITL Publications.



assessment; authorization; compliance; derived PIV credentials; HSPD-12; issuer controls; personal identity verification; PIV Card
Control Families

None selected


Download URL

Supplemental Material:
Comment template (xlsx)

Document History:
12/13/23: SP 800-79 Rev. 3 (Draft)