Updated Specification Issued for PIV Card Implementations

National Institute of Standards and Technology (NIST) scientists have released an updated technical specification for Personal Identity Verification (PIV) cards that are being phased in by federal departments and agencies for use by their employees and contractors. The technical specification updates the specifications issued in 2006 and will assist federal departments and agencies that are implementing the PIV system and the vendors and system integrators that supply PIV system components and services.

All federal government employees and contractors will soon be required to use PIV cards to access federal facilities and information systems, according to Homeland Security Presidential Directive 12. NIST is responsible for providing the technical specification for the PIV cards—smart cards that securely store data such as fingerprint templates and a facial image that are used to verify the cardholder's identity.

NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification, details what data objects are stored on the PIV card, how they are encoded and how to retrieve and use the data objects from the PIV card. SP 800-73-2 incorporates errata from the previous version, SP 800-73-1, and aligns the card's cryptographic capabilities with the cryptographic specifications issued in SP 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, published in 2007.

For convenience, SP 800-73-2 is being issued in four parts to align with different segments of the industry. These are:

• End-Point PIV Card Application Namespace, Data Model and Representation
• End-Point PIV Card Application Interface
• End-Point PIV Client Application Programming Interface
• The PIV Transitional Data Model and Interfaces

Additional information and copies are available from the NIST Computer Security Resource Center publications Web page at http://csrc.nist.gov/publications/PubsSPs.html.