Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updated Specification Issued for PIV Card Implementations

photo of the smart chip on a PIV card

This smart chip on a Personal Identity Verification (PIV) card holds two fingerprint biometrics, a unique number that identifies the individual within the PIV system, a PIN number that never leaves the card and a cryptographic key that is used to authenticate the cardholder to the PIV system.

Credit: K. Talbott/NIST

National Institute of Standards and Technology (NIST) scientists have released an updated technical specification for Personal Identity Verification (PIV) cards that are being phased in by federal departments and agencies for use by their employees and contractors. The technical specification updates the specifications issued in 2006 and will assist federal departments and agencies that are implementing the PIV system and the vendors and system integrators that supply PIV system components and services.

All federal government employees and contractors will soon be required to use PIV cards to access federal facilities and information systems, according to Homeland Security Presidential Directive 12. NIST is responsible for providing the technical specification for the PIV cards—smart cards that securely store data such as fingerprint templates and a facial image that are used to verify the cardholder's identity.

NIST Special Publication 800-73-2, Interfaces for Personal Identity Verification, details what data objects are stored on the PIV card, how they are encoded and how to retrieve and use the data objects from the PIV card. SP 800-73-2 incorporates errata from the previous version, SP 800-73-1, and aligns the card's cryptographic capabilities with the cryptographic specifications issued in SP 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, published in 2007.

For convenience, SP 800-73-2 is being issued in four parts to align with different segments of the industry. These are:

  • End-Point PIV Card Application Namespace, Data Model and Representation
  • End-Point PIV Card Application Interface
  • End-Point PIV Client Application Programming Interface
  • The PIV Transitional Data Model and Interfaces

Additional information and copies are available from the NIST Computer Security Resource Center publications Web page at http://csrc.nist.gov/publications/PubsSPs.html.

Released October 14, 2008, Updated February 7, 2023