NIST issues report to improve management of PIV cards

The National Institute of Standards and Technology is trying to improve how agencies deploy and use card management systems under Homeland Security Presidential Directive 12.

Through a new publication, Personal Identity Verification Card Management Report issued earlier this week, NIST gives project managers an overview of card management systems, identifies generic card management requirements and looks at some of the technical approaches to fill the existing gaps in PIV card management.

The report builds upon Special Publication 800-73, which outlines the interfaces for PIV cards.

NIST said SP 800-73 does not 'contain a complete card management specification for PIV systems.' And with many agencies looking at ways to enhance the card management and personalization capabilities of the PIV card, NIST officials thought the report would help 'maintain backwards capability and enable development of fully functional and interoperable PIV cards that can be deployed across multiple card management systems and host middleware.'

In the report, NIST also said agencies should consider using International Standards Organization (ISO) 7816 standard for smart cards for a cryptographic discovery mechanism. NIST said 'to enhance interoperability, it is useful to specify a minimum mandatory subset of 7816-15,' so as to not add too much complexity to the card and the management system. Additionally, the report provides a list of possible ISO 7816-16 tag sets.

'Expanding the PIV command set to include management and personalization would result in a higher level of consistency and testability for PIV card issuance processes, enhanced ability to outsource various card management components and functions and improved overall security for the federal PIV framework,' NIST said.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group