NIST Revising Identity Verification FIPS

Standard to Allow Remote Updates, Use of Mobile Devices as ID
NIST Revising Identity Verification FIPS

The National Institute of Standards and Technology is seeking comments from stakeholders on the security standards it's updating for the federal government's personal identity verification, or PIV, cards.

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

NIST published this week the second revision of its draft of Federal Information Processing Standard 201: Personal Identity Verification of Federal Employees and Contractors.

The document updates the FIPS 201 published in February 2005, and the revision would require all PIV cards to contain an integrated circuit chip for storing electronic information, a personal identification number and protected biometric data - a printed photograph and two electronically stored fingerprints.

NIST computer security researcher Hildegard Ferraiolo says the update will not require anyone to replace their current PIV card, but will make the new cards, based on the revised specification, more flexible and effective. Among the numerous improvements in the revised draft are the abilities to:

  • Update a card's credentials remotely without the need to appear in person at the issuer site, a change that should create significant cost savings.
  • Create additional credentials for use on mobile devices such as smart phones.
  • Offer additional capabilities, such as secure messaging and on-card fingerprint comparison, to provide more flexibility in selecting the appropriate level of security for federal applications that use the PIV card for authentication.

NIST also is requesting comments on a related FIPS support publication, the Biometric Data Specification for Personal Identity Verification, Special Publication 800-76-2. The draft update to SP 800-76-2 amends the 2007 biometric data specifications to include new card options: Agencies will be able to use iris recognition as a biometric, on-card fingerprint comparison instead of a 6-digit personal identification number for card activation. The draft also extends and refines the biometric sensor and performance specifications for improved security.

Comments on both documents should be submitted by email to, and must be received by Aug. 10.

NIST also is holding a free public workshop to discuss the revised draft of FIPS 201 on July 25. Online registration is required. The workshop will be webcast as well.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.