Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations

Published

Author(s)

Dennis K. Branstad, Alicia Clay Jones, Joan Hash

Abstract

[Superseded by SP 800-79-1 (June 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=152182] Homeland Security Presidential Directive 12 (HSPD-12) established a policy for all Federal departments and agencies to create and use a government-wide secure and reliable form of identification for their Federal employees and contractors. It further specified that this secure and reliable form of identification be issued only by service providers whose reliability has been established by an official accreditation process. This document should be used by any Federal department or agency to accredit the reliability of the organization that will issue Personal Identity Verification (PIV) Cards that comply with Federal Information Processing Standard (FIPS) 201 to their Federal employees or Federal contractor employees. This document describes a set of attributes that should be exhibited by a PIV Card Issuing organization (hereafter called a PCI) in order to be accredited and should be used for assessing the reliability of an organization providing PCI services to a Federal agency or contractor. Certification in this context means a formal process of assessing the attributes affecting reliability of a PCI using various methods of assessment (e.g., interviews, laboratory test results, procedure evaluation) that support the assertion that the PCI is reliable and capable of enrolling approved Federal identity card applicants and issuing them PIV Cards. Accreditation is the official management decision of a Senior Agency Official to authorize operation of a PCI after determining that its reliability has satisfactorily been established through appropriate assessment and certification processes. Accreditation provides a form of quality control and helps to assure that the managers and technical staffs at all levels of a PCI will implement and perform procedures compliant with FIPS 201.
Citation
Special Publication (NIST SP) - 800-79
Report Number
800-79

Keywords

accreditation, credentials, HSPD-12, PCI, Personal Identity Verification, PIV, security assessment

Citation

Branstad, D. , Clay, A. and Hash, J. (2005), Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed August 11, 2022)
Created July 1, 2005, Updated February 19, 2017