NIST issues report to improve management of PIV cards

The National Institute of Standards and Technology is trying to improve how agencies deploy and use card management systems under Homeland Security Presidential Directive 12.

Through a new publication, Personal Identity Verification Card Management Report issued earlier this week, NIST gives project managers an overview of card management systems, identifies generic card management requirements and looks at some of the technical approaches to fill the existing gaps in PIV card management.

The report builds upon Special Publication 800-73, which outlines the interfaces for PIV cards.

NIST said SP 800-73 does not 'contain a complete card management specification for PIV systems.' And with many agencies looking at ways to enhance the card management and personalization capabilities of the PIV card, NIST officials thought the report would help 'maintain backwards capability and enable development of fully functional and interoperable PIV cards that can be deployed across multiple card management systems and host middleware.'

In the report, NIST also said agencies should consider using International Standards Organization (ISO) 7816 standard for smart cards for a cryptographic discovery mechanism. NIST said 'to enhance interoperability, it is useful to specify a minimum mandatory subset of 7816-15,' so as to not add too much complexity to the card and the management system. Additionally, the report provides a list of possible ISO 7816-16 tag sets.

'Expanding the PIV command set to include management and personalization would result in a higher level of consistency and testability for PIV card issuance processes, enhanced ability to outsource various card management components and functions and improved overall security for the federal PIV framework,' NIST said.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected