Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-85A-4

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)

Date Published: April 2016

Supersedes: SP 800-85A-2 (07/28/2010)


David Cooper (NIST), Hildegard Ferraiolo (NIST), Ramaswamy Chandramouli (NIST), Jason Mohler (Electrosoft Services)



application programming interface (API); authentication; card command interface; derived test requirements (DTR); FIPS 201; identity credential; middleware; Personal Identity Verification (PIV); smart cards; test assertions
Control Families

Assessment, Authorization and Monitoring; System and Services Acquisition; System and Information Integrity


Download URL

Supplemental Material:
None available

Publication Parts:
SP 800-85B

Related NIST Publications:
SP 800-85B-4 (Draft)
SP 800-73-4
FIPS 201-3

Document History:
04/13/16: SP 800-85A-4 (Final)


Security and Privacy

acquisition, Personal Identity Verification


smart cards

Laws and Regulations

Homeland Security Presidential Directive 12