July 12, 2012
Second Draft Of Federal ID Credential Security Standard Released By NIST
The National Institute of Standards and Technology (NIST) has released the second-round draft version of its updated security standard for identity credentials in the Personal Identity Verification cards (PIV cards) that all federal employees and contractors must use. NIST is requesting comments from the public on the document, which is intended to be the last draft before the final version is published.
The document is the next step toward updating Federal Information Processing Standard (FIPS) 201, which was published in February 2005. Among its requirements are that all PIV cards contain an integrated circuit chip for storing electronic information, a personal identification number and protected biometric data–a printed photograph and two electronically stored fingerprints.
Ferraiolo says the update will not require anyone to replace their current PIV card, but will make the new cards, based on the revised specification, more flexible and effective. Among the numerous improvements in the revised draft are the abilities to:
Update a card's credentials remotely without the need to appear in person at the issuer site, a change that should create significant cost savings.
Create additional credential(s) for use on mobile devices such as smart phones.
Offer additional capabilities, such as secure messaging and on-card fingerprint comparison, to provide more flexibility in selecting the appropriate level of security for federal applications that use the PIV card for authentication.
On The Net: