FB pixel

NIST releases final public drafts of PIV credential guidelines

NIST releases final public drafts of PIV credential guidelines
 

The National Institute of Standards and Technology (NIST) released its final public drafts of two documents that aim to enhance the security and interoperability of identity verification processes within federal agencies.

The publications are NIST Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials, and NIST Special Publication (SP) 800-217, Guidelines for Personal Identity Verification (PIV) Federation.

These publications are part of NIST’s ongoing efforts to enhance digital identity verification processes, ensuring they are secure, reliable, and interoperable across federal agencies.

The Guidelines for Derived PIV Credentials revision expands the scope of derived PIV credentials beyond mobile devices to include various form factors and authenticator types. It introduces non-PKI-based, phishing-resistant multi-factor credentials, aligning with directives from the Office of Management and Budget (OMB) Memoranda M-19-17 and M-22-09, and the Federal Information Processing Standards (FIPS) 201-3.

Key updates include the inclusion of non-PKI-based authenticators to provide flexibility in authentication methods; detailed guidelines on the issuance, maintenance, and termination of derived PIV credentials; and enhanced controls to ensure that non-PKI-based credentials offer assurance comparable to traditional PIV Cards.

The final version of NIST’s Guidelines for PIV Federation provides technical requirements for implementing federated PIV identity services, enabling cross-domain and interagency use of PIV credentials. It focuses on the use of assertions to facilitate PIV federations backed by PIV identity accounts and credentials.

Key components include specifications for protocols that support the federated use of PIV credentials across different agencies; guidelines for establishing trust agreements between agencies to ensure secure and interoperable identity verification; consistency with the Digital Identity Guidelines to maintain a cohesive approach to digital identity management.

NIST invites stakeholders to review and provide feedback on these drafts. The public comment period is open through January 10, 2025. Comments should be submitted to piv_comments@nist.gov. Reviewers are encouraged to use the comment templates provided on the publication details pages.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Liquid identity verifications surge past 60M as Japan leans into chip-scanning

Liquid has reached the 60 million digital identity verification milestone with its online KYC service, with a surge in verifications…

 

Car dealerships rev up digital ID verification to counter rise in identity fraud

Whether it’s a fake credit history, a phony license or a test driver with a stolen identity who makes tracks…

 

GovTech to deliver $10 trillion in value by 2034, says WEF

At the meeting of the World Economic Forum (WEF) in Davos this week, tech is front and center – and…

 

Davos discusses digital wallets, AI economy

This year’s Davos World Economic Forum (WEF) is bringing not only tense trade talks between the U.S. and Europe but…

 

ASEAN updates guidance on deepfakes

The threat of deepfakes is entering high-level discussions from Southeast Asia to Davos. The Association of Southeast Asian Nations (ASEAN)…

 

Philippines faces 36 million backlog in ID cards

The Philippines are still facing a 36 million backlog in distributing the country’s national ID cards which will need additional…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events