Skip to content

Latest commit

 

History

History
30 lines (22 loc) · 2.23 KB

index.md

File metadata and controls

30 lines (22 loc) · 2.23 KB
layout title description permalink
cover
FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors
FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors
/

Posted: Jan 24, 2022

The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. See the Federal Register Notice announcing FIPS 201-3 approval at https://www.federalregister.gov/d/2022-01246.

Available Online

FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors

Summary of Changes

FIPS 201-3 addresses the comments received during the public comment period in November 2020. High level changes include:

  • Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services
  • Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials
  • Focus on the use of federation to facilitate interoperability and interagency trust
  • Addition of supervised remote identity proofing processes
  • Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS)
  • Support for the secure messaging authentication mechanism (SM-AUTH)

A detailed list of changes is available in FIPS 201-3, Appendix E, Revision History, and all comments and dispositions can be found on the project repository or in the 2020 Draft comments and dispositions.

More Information:

A printable PDF is available on the NIST Computer Security Resource Center at https://csrc.nist.gov/publications/detail/fips/201/3/final.

For more information about the PIV standard and associated technical guidelines, see the PIV Project Page on the Computer Security Resource Center.