FIPS 201

In response to HSPD 12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12, approved by the Secretary of Commerce, and issued on February 25, 2005.

Benefits of FIPS-201 and PIV/PIV I

Coordinating multiple independent credentialing and identity management efforts can be a challenge. It is difficult enough to manage identities and attributes locally, and even more challenging to manage them when dealing with multi-jurisdictional interoperability. Credentialing and identity management solutions are particularly costly when implementation is not based on standards and best practices.

The adoption of FIPS 201 as the basis for issuing a PIV or PIV-I card can substantially reduce these challenges. Adoption can:

FIPS 201 and PIV leverage existing ANSI, ISO, IETF and other standards. Thousands of products including most operating systems, mobile and enterprise applications and services and physical access control system support PIV-I credentials because of these standards.

About FIPS

FIPS 201 incorporates three technical publications specifying several aspects of the required administrative procedures and technical specifications that may change as the standard is implemented and used. These are:

1. NIST Special Publication 800-73, "Interfaces for Personal Identity Verification" specifies the interface and data elements of the PIV card;
2. NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification" specifies the technical acquisition and formatting requirements for biometric data of the PIV system;
3. NIST Special Publication 800-78, "Cryptographic Algorithms and Key Sizes for Personal Identity Verification" specifies the acceptable cryptographic algorithms and key sizes to be implemented and used for the PIV system.

In addition, a number of guidelines, reference implementations, and conformance tests have been identified as being needed to: