NIST Updates Specifications for PIV Cards - SP 800-73-2

October 21, 2008 // Published as a news service by IHS

This release updates the specifications issued in 2006 and will assist federal departments and agencies that are implementing the PIV system and the vendors and system integrators that supply PIV system components and services.

In response to U.S. Homeland Security Presidential Directive 12, all federal government employees and contractors will soon be required to use PIV cards to access federal facilities and information systems.

NIST is responsible for providing the technical specification for the PIV cards - smart cards that securely store data such as fingerprint templates and a facial image that are used to verify the cardholder's identity.

NIST Special Publication 800-73-2 details what data objects are stored on the PIV card, how they are encoded and how to retrieve and use the data objects from the PIV card.

SP 800-73-2 incorporates errata from the previous version, SP 800-73-1, and aligns the card's cryptographic capabilities with the cryptographic specifications issued in SP 800-78-1, “Cryptographic Algorithms and Key Sizes for Personal Identity Verification,” published in 2007.

For convenience, SP 800-73-2 is being issued in four parts to align with different segments of the industry. These include:

• End-Point PIV Card Application Namespace, Data Model and Representation
• End-Point PIV Card Application Interface
• End-Point PIV Client Application Programming Interface
• The PIV Transitional Data Model and Interfaces

For more information, go to http://csrc.nist.gov/publications/PubsSPs.html.

Source: National Institute of Standards and Technology (NIST).