From ae193f6a19d4838ef502326072ce78e726e2464f Mon Sep 17 00:00:00 2001 From: Andrew Regenscheid Date: Fri, 29 Oct 2021 14:47:27 -0400 Subject: [PATCH 1/5] readme- announcement Initial update- will need to revise with links --- README.md | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c1a8f2e0..789e572f 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,16 @@ -# Draft FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors -The National Institute of Standards and Technology (NIST) requests comments on Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors (Standard). This Standard defines common credentials and authentication mechanisms offering varying degrees of security for both logical and physical access applications. The draft revision proposes changes to FIPS 201-2, Standard for Personal Identity Verification of Federal Employees and Contractors to include: expanding specification on the use of additional PIV credentials known as derived PIV credentials, procedures for supervised remote identity proofing, the use of federation as a means for a relying system to interoperate with PIV credentials issued by other agencies, alignment with the current practice/policy of the Federal Government and specific changes requested by Federal agencies and implementers. +# FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors +The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.) -## Request for Comments -The draft of FIPS 201-3 is available for review and comment on the NIST Pages website at . -A printable PDF is available on the NIST Computer Security Resource Center at . +## Summary of Changes +FIPS 201-3 addresses the comments received during the public comment period in November 2020. High level changes include: +* Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services +* Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials +* Focus on the use of federation to facilitate interoperability and interagency trust +* Addition of supervised remote identity proofing processes +* Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS) +* Support for the secure messaging authentication mechanism (SM-AUTH) -**Comments on FIPS 201-3 must be received on or before February 1, 2021.** Comments should be submitted on the project repository -at . Comments may alternatively be sent to preferably using -the comment template available at . - -All submissions, including attachments and other supporting materials, will become part of the public record and subject to public -disclosure. NIST reserves the right to publish relevant comments, unedited and in their entirety. Relevant comments received by -the deadline will be published electronically at without change or redaction, so commenters -should not include information they do not wish to be posted. Personal information, such as account numbers or Social Security -numbers, or names of other individuals, should not be included. Do not submit confidential business information or otherwise sensitive -or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not -be posted or considered. +A detailed list of changes is available in FIPS 201-3, Appendix E, Revision History. Public comments and dispositions can be found in the Issues tab of this repository. ## Build Instructions From ef76c4bf5b6a675461c81976c12f55dd95d73c59 Mon Sep 17 00:00:00 2001 From: Andrew Regenscheid Date: Fri, 29 Oct 2021 14:58:57 -0400 Subject: [PATCH 2/5] index page- announcement Initial changes- will need to update links --- index.md | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/index.md b/index.md index 55295867..25e4ac16 100644 --- a/index.md +++ b/index.md @@ -1,34 +1,30 @@ --- layout: cover -title: "Draft FIPS 201-3 Available for Public Comment" -description: "Draft FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors" +title: "FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors" +description: "FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors" permalink: / --- -## Posted: November, 2020 +## Posted: XXX, XX 2021 -The National Institute of Standards and Technology (NIST) requests comments on draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors. This revision proposes several revisions to support the policy objectives outlined in [OMB M-19-17](https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf), align with emerging standards and technologies for digital identity, support the use of alternative authenticators, and encourage interoperability through federation. +The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.) ## Available Online -[Draft FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors](_FIPS201/abstract.md) +[FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors](_FIPS201/abstract.md) -## Comments -The draft of FIPS 201-3 is available for review and comment on the NIST Pages website at . +## Summary of Changes +FIPS 201-2 addresses the comments received during the public comment period in November 2020. High level changes include: +* Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services +* Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials +* Focus on the use of federation to facilitate interoperability and interagency trust +* Addition of supervised remote identity proofing processes +* Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS) +* Support for the secure messaging authentication mechanism (SM-AUTH) -**Comments on FIPS 201-3 must be received on or before February 1, 2021.** Comments should be submitted on the project repository -at . Comments may alternatively be sent to preferably using -the comment template available at . - -All submissions, including attachments and other supporting materials, will become part of the public record and subject to public -disclosure. NIST reserves the right to publish relevant comments, unedited and in their entirety. Relevant comments received by -the deadline will be published electronically at without change or redaction, so commenters -should not include information they do not wish to be posted. Personal information, such as account numbers or Social Security -numbers, or names of other individuals, should not be included. Do not submit confidential business information or otherwise sensitive -or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not -be posted or considered. +A detailed list of changes is available in [FIPS 201-3, Appendix E, Revision History](_FIPS201/revisions.md), and all comments and dispositions can be found on the [project repository](https://github.com/usnistgov/FIPS201/issues) or in the [2020 Draft comments and dispositions](TBD). ## More Information: -A printable PDF is available on the NIST Computer Security Resource Center at . +A printable PDF is available on the NIST Computer Security Resource Center at . For more information about the PIV standard and associated technical guidelines, see the [PIV Project Page](https://csrc.nist.gov/Projects/PIV/) on the [Computer Security Resource Center](https://csrc.nist.gov). From 58406ef25a54d0c9993dbc1cc46f9dd6b1b96cd1 Mon Sep 17 00:00:00 2001 From: Andrew Regenscheid Date: Tue, 2 Nov 2021 10:22:04 -0400 Subject: [PATCH 3/5] Update index.md Co-authored-by: Justin Richer --- index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.md b/index.md index 25e4ac16..c98f29d1 100644 --- a/index.md +++ b/index.md @@ -14,7 +14,7 @@ The National Institute of Standards and Technology (NIST) is pleased to announce [FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors](_FIPS201/abstract.md) ## Summary of Changes -FIPS 201-2 addresses the comments received during the public comment period in November 2020. High level changes include: +FIPS 201-3 addresses the comments received during the public comment period in November 2020. High level changes include: * Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services * Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials * Focus on the use of federation to facilitate interoperability and interagency trust From 61efba3562d9608536ecf64b92901a1a08c85542 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 20 Jan 2022 13:39:55 -0500 Subject: [PATCH 4/5] Apply suggestions from code review Co-authored-by: Andrew Regenscheid --- README.md | 2 ++ index.md | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 789e572f..fa15c4fa 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.) +The rendered version is available from NIST pages . + ## Summary of Changes FIPS 201-3 addresses the comments received during the public comment period in November 2020. High level changes include: * Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services diff --git a/index.md b/index.md index c98f29d1..e4c992e8 100644 --- a/index.md +++ b/index.md @@ -5,7 +5,7 @@ description: "FIPS 201-3 Personal Identity Verification (PIV) of Federal Employe permalink: / --- -## Posted: XXX, XX 2021 +## Posted: Jan 24, 2022 The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.) @@ -22,9 +22,9 @@ FIPS 201-3 addresses the comments received during the public comment period in N * Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS) * Support for the secure messaging authentication mechanism (SM-AUTH) -A detailed list of changes is available in [FIPS 201-3, Appendix E, Revision History](_FIPS201/revisions.md), and all comments and dispositions can be found on the [project repository](https://github.com/usnistgov/FIPS201/issues) or in the [2020 Draft comments and dispositions](TBD). +A detailed list of changes is available in [FIPS 201-3, Appendix E, Revision History](_FIPS201/revisions.md), and all comments and dispositions can be found on the [project repository](https://github.com/usnistgov/FIPS201/issues) or in the [2020 Draft comments and dispositions](https://csrc.nist.gov/publications/detail/fips/201/3/final). ## More Information: -A printable PDF is available on the NIST Computer Security Resource Center at . +A printable PDF is available on the NIST Computer Security Resource Center at . For more information about the PIV standard and associated technical guidelines, see the [PIV Project Page](https://csrc.nist.gov/Projects/PIV/) on the [Computer Security Resource Center](https://csrc.nist.gov). From f901cc7875bb83307c57d898707e9ca7225898fb Mon Sep 17 00:00:00 2001 From: Andrew Regenscheid Date: Fri, 21 Jan 2022 12:29:12 -0500 Subject: [PATCH 5/5] Apply suggestions from code review Add Federal Register link --- README.md | 2 +- index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fa15c4fa..ed8cb38d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors -The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.) +The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. See the Federal Register Notice announcing FIPS 201-3 approval at . The rendered version is available from NIST pages . diff --git a/index.md b/index.md index e4c992e8..5209ecfb 100644 --- a/index.md +++ b/index.md @@ -7,7 +7,7 @@ permalink: / ## Posted: Jan 24, 2022 -The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. (See the Federal Register Notice announcing FIPS 201-3 approval.) +The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. See the Federal Register Notice announcing FIPS 201-3 approval at . ## Available Online