NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Announcements

NIST Announcements

POSTED September 10, 2008: 2nd DRAFT Special Publication 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

The National Institute of Standards and Technology (NIST) is pleased to announce a 2nd draft publication SP 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems. This draft provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in Federal facilities. Major changes in this draft include selection of outcome-based PIV authentication mechanisms and addition of PACS conformance best practice guideline. Federal agencies and private organizations as well as individuals are invited to review the 2nd draft document and submit comments using the comment template form (Excel spreadsheet) provided on the website.

Comments should be submitted to PIV_comments@nist.gov with "Comments on Public 2nd Draft SP 800-116" in the subject line. The comment period closes at 5:00 EST (US and Canada) on September 24, 2008.

POSTED June 30, 2008: NIST Releases Special Publication 800-79-1

NIST is pleased to announce Special Publication 800-79-1, Guidelines for the Accreditation of Personal Identity Verification Card Issuers. This is a substantial improvement over SP 800-79 that takes into account: (a) the emergent business models (in-house, leased, shared etc) for Personal Identity Card Issuers (PCI), (b) lessons learnt in past accreditations and (c) the directives in OMB memorandums. The most significant change is the replacement of “Attributes” with an objective set of PCI controls and an assessment and accreditation methodology that assess the capability and reliability of a PCI based on these controls. Specifically the accreditation methodology consists of the following steps: (a) Derivation of PCI controls based on requirements in FIPS 201-1 and supporting documents, OMB Memorandums etc. (b) Providing a context for PCI controls by identifying a set of hierarchical concepts such as PCI Accreditation Topics and PCI Accreditation Focus Areas (c) Development of Assessment methods appropriate for each PCI control that will assess conformance to those underlying requirements and (d) guidance for evaluating the results of assessments in order to arrive at an accreditation decision.

POSTED May 22, 2008: PIV Demonstration Software for Logical Access Applications

NIST is pleased to announce the release of reference implementations of a PIV Crypto Service Provider (CSP) and Public Key Cryptography Standards #11 (PKCS #11) module. These two modules, along with the PIV middleware, can be used by a client-application to access identity credentials on a PIV Card application. The CSP is developed to demonstrate Windows XP Logon with PIV Cards. Note that this CSP does NOT implement all functions required of a production CSP. Please use the accompanying documentation to install the CSP and configure Windows XP operating system. The PKCS #11 module has been developed to operate in Fedora Core 5 environment and it implements functions needed to perform Linux Logon, S/MIME and SSL authentication. The module is designed to access identity credentials on a PIV card application. Please use the accompanying documentation to install the PKCS #11 module and configure Linux OS, Firefox, and Thunderbird applications.

POSTED May 9, 2008: Presentations from the PIV Physical Access Control (PAC) Workshop

The presentations from the May 1, 2008 PAC Workshop are now available.

POSTED April 30, 2008: Special Publication 800-87 Revision 1 Released

NIST is pleased to announce Special Publication 800-87 (SP 800-87) Codes for the Identification of Federal and Federally-Assisted Organizations, Revision 1 - 2008. SP 800-87 Revision 1 - 2008 provides the organizational codes necessary to establish the Federal Agency Smart Credential Number (FASC-N) that is required to be included in the FIPS 201 Card Holder Unique (CHUID). Appendix A of SP 800-87 Revision 1 - 2008 lists the agency code updates incorporated in this revision.

POSTED April 8, 2008: PIV PACS Integration Workshop Announcement:

The National Institute of Standards and Technology (NIST), will hold a public Personal Identity Verification (PIV) Physical Access Control Systems (PACS) Integration workshop on Thursday, May 1, 2008 at the NIST campus in Gaithersburg, MD from 9:30am to 3:30pm. The purpose of the workshop is the exchange of information among the PACS implementers, Federal agencies, and NIST. NIST will provide a briefing on SP 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS), followed by a question and answer session. NIST will facilitate 10 minute individual presentations through which interested individuals may present observations to the group. All material presented will be made public. Individuals desiring to present their observations must contact Ketan Mehta (mehta_ketan@nist.gov) via email and provide an abstract and a power point slides in advance. Workshop registration is required to gain entry to the NIST facilities. Please visit http://www.nist.gov/public_affairs/confpage/conflist.htm to register. The cost of registration is $50. Registration closes on April 28, 2008.

POSTED April 2, 2008: Draft Special Publication 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems

The National Institute of Standards and Technology (NIST) is pleased to announce a draft publication SP 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems. This draft provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in Federal facilities. This draft includes recommendations for increasing the use of asymmetric key architecture and credential validation. Federal agencies and private organizations as well as individuals are invited to review the draft document and submit comments using the comment template form provided on the website. Comments should be submitted to PIV_comments@nist.gov with "Comments on Public Draft SP 800-116" in the subject line. The comment period closes at 5:00 EST (US and Canada) on May 12, 2008.

POSTED March 21, 2008: Comment Period for SP 800-73-2 has been EXTENDED

The public comment period for Draft SP 800-73-2 has been extended. Public comment are now due by April 18th 2008, 5:00 pm EST.

POSTED March 18, 2008: Track Changes Now Available for Draft Special Publication 800-73-2 (Parts 1-3)

The following documents contain the tracked changes from the first to second draft SP800-73-2. Editorial and formatting changes are not tracked. Out of the 4 parts for this document, ONLY Part 4 had NO changes made to it. Please go to the Drafts page to view Part 1, Part 2, and Part 3 track changes.

POSTED March 7, 2008: Second Draft of Special Publication 800-73-2, Interfaces for Personal Identity Verification

NIST has posted a second draft of SP 800-73-2 for public comments. This draft incorporates some comments and suggestions that were received after the first public comment period had closed (see 3). The changes since the first draft include: 1) relaxation of the Global PIN security status limitations, 2) incorporation of an optional Global and PIV PIN discovery object, 3) addition of a discovery object for the PIV card application, 4) elimination of the previously proposed optional U-CHUID data object, and 5) resolutions of the first draft public comments. Please go to the DRAFTS page to view the Second Public Draft and to learn more about this draft along with where to forward comments to. A comment template form is also provided. Comments period closes on April 4th 2008.

POSTED February 22, 2008: DRAFT Special Publication 800-79-1

NIST has drafted a new version of the document “Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations (SP 800-79).” The revised document is titled “Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI’s)”. This document, after a review and comment period, will be published as NIST SP 800-79-1. Federal agencies and private organizations as well as individuals are invited to review the draft Guidelines and submit comments to NIST by sending them to PIVaccreditation@nist.gov before March 30, 2008. Comments will be reviewed and posted on the CSRC website. All comments will be analyzed, consolidated, and used in revising the draft Guidelines before final publication. To learn more about this draft document, please visit the DRAFT PUBLICATIONS page for more details.