The National Institute of Standards and Technology (NIST) has updated its technical specifications and guidance for the next generation of "smart" identity cards used by the federal government's workforce. The new specifications add enhanced security features to verify employees' and contractors' identities, as well as new capabilities that work with mobile devices and media such as smart phones.
Federal employees and contractors use Personal Identification Verification (PIV) Cards for secure access to government facilities and computers. The PIV Card features a microchip with the employee's photo, PIN, fingerprint information and other details.
The next generation PIV Card can be used with mobile devices, enabling federal employees to connect securely to government computer networks from such devices. This feature is in addition to the Derived PIV Credential as specified in Guidelines for Derived Personal Identity Verification (PIV) Credentials, issued in December 2014. The card provides stronger identity assurance for federal workers to enter many government facilities and use computers at those locations.
The revised Federal Information Processing Standard 201-2 of 2013 sets the stage for the new generation of PIV Cards by specifying new technologies for the strong authentication credential and provides enhanced support for mobile devices based on lessons learned from federal agencies.
NIST has issued updates to two key documents that lay out the technical details identified in FIPS 201-2 for government PIV Cards:
The publications are designed for U.S. government agencies to upgrade their PIV Cards, for vendors that make the cards, and for vendors that develop hardware and software to work with the cards.