NIST issues report to improve management of PIV cards

The National Institute of Standards and Technology is trying to improve how agencies deploy and use card management systems under Homeland Security Presidential Directive 12.

Through a new publication, Personal Identity Verification Card Management Report issued earlier this week, NIST gives project managers an overview of card management systems, identifies generic card management requirements and looks at some of the technical approaches to fill the existing gaps in PIV card management.

The report builds upon Special Publication 800-73, which outlines the interfaces for PIV cards.

NIST said SP 800-73 does not 'contain a complete card management specification for PIV systems.' And with many agencies looking at ways to enhance the card management and personalization capabilities of the PIV card, NIST officials thought the report would help 'maintain backwards capability and enable development of fully functional and interoperable PIV cards that can be deployed across multiple card management systems and host middleware.'

In the report, NIST also said agencies should consider using International Standards Organization (ISO) 7816 standard for smart cards for a cryptographic discovery mechanism. NIST said 'to enhance interoperability, it is useful to specify a minimum mandatory subset of 7816-15,' so as to not add too much complexity to the card and the management system. Additionally, the report provides a list of possible ISO 7816-16 tag sets.

'Expanding the PIV command set to include management and personalization would result in a higher level of consistency and testability for PIV card issuance processes, enhanced ability to outsource various card management components and functions and improved overall security for the federal PIV framework,' NIST said.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.