NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)

Published

Author(s)

Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Scott Shorter

Abstract

The purpose of this Special Publication is to provide appropriate and useful guidelines for assessing the reliability of issuers of Personal Identity Verification (PIV) Cards and Derived PIV Credentials. These issuers store personal information and issue credentials based on Office of Management and Budget (OMB) policies and on the standards published in response to Homeland Security Presidential Directive 12 (HSPD-12) and therefore are the primary target of the assessment and authorization under this guideline. The reliability of an issuer is of utmost importance when one organization (e.g., a federal agency) is required to trust the identity credentials of individuals that were created and issued by another federal agency. This trust will only exist if organizations relying on the credentials issued by a given organization have the necessary level of assurance that the reliability of the issuing organization has been established through a formal authorization process. [Supersedes SP 800-79-1 (June 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=152182]
Citation
Special Publication (NIST SP) - 800-79-2
Report Number
800-79-2
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs
Supercedes Publication
Guidelines for the Accreditation of Personal Identity Verification Card Issuers

Download Paper

DOI Link

Keywords

assessment, authorization, controls, derived PIV credentials, issuer, personal identity verification, PIV card
Biometrics, Cybersecurity and privacy and Federal information processing standards (FIPS)

Citation

Ferraiolo, H. , Chandramouli, R. , Ghadiali, N. , Mohler, J. and Shorter, S. (2015), Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-79-2 (Accessed October 13, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 30, 2015, Updated November 10, 2018
Was this page helpful?