NIST issues report to improve management of PIV cards
- By Jason Miller
- Jan 20, 2006
The National Institute of Standards and Technology is trying to improve how agencies deploy and use card management systems under Homeland Security Presidential Directive 12
Through a new publication, Personal Identity Verification Card Management Report
issued earlier this week, NIST gives project managers an overview of card management systems, identifies generic card management requirements and looks at some of the technical approaches to fill the existing gaps in PIV card management.
The report builds upon Special Publication 800-73
, which outlines the interfaces for PIV cards.
NIST said SP 800-73 does not 'contain a complete card management specification for PIV systems.' And with many agencies looking at ways to enhance the card management and personalization capabilities of the PIV card, NIST officials thought the report would help 'maintain backwards capability and enable development of fully functional and interoperable PIV cards that can be deployed across multiple card management systems and host middleware.'
In the report, NIST also said agencies should consider using International Standards Organization (ISO) 7816 standard for smart cards for a cryptographic discovery mechanism. NIST said 'to enhance interoperability, it is useful to specify a minimum mandatory subset of 7816-15,' so as to not add too much complexity to the card and the management system. Additionally, the report provides a list of possible ISO 7816-16 tag sets.
'Expanding the PIV command set to include management and personalization would result in a higher level of consistency and testability for PIV card issuance processes, enhanced ability to outsource various card management components and functions and improved overall security for the federal PIV framework,' NIST said.