NIST preapproves first PIV-II smart card
- By Jason Miller
- Jan 26, 2006
The National Institute of Standards and Technology has issued the first preapproval for a smart card that meets Homeland Security Presidential Directive 12
, Federal Information Processing Standard 201
On their Personal Identity Verification program Web site
, NIST listed Oberthur Card Systems of Rancho Dominguez, Calf., as having its Cosmo 64 v5 Smart Card with PIV II v.1.03 JavaCard applet meeting the FIPS-201 conformance test.
Oberthur's card now is undergoing testing for compliance with FIPS-140-2 Cryptographic Module Validation Program to ensure it still conforms to the security requirements.
"It looks as though we will have some cards make it all the way through the process [by] early February," said Curt Barker, NIST's PIV program manager. "By having a precertified card, it means the application has been approved; so when CMVP people look at it, they are looking at a stable configuration, and they are looking at stable product."
Because smart cards that include the PIV application are cryptographic modules, the conformance to FIPS-140-2 needs to be re-examined to make sure continues to conform, Barker said. He estimated that completion of the CMVP validation would take six to eight weeks.
Barker added that Oberthur's card has already started the CMVP validation process.
Other cards, including one from GemPlus SA of Luxembourg, are also being tested, industry experts said.
Once validated for FIPS-201 and FIPS-140-2, cards must go through interoperability testing at labs sponsored by the General Services Administration before agencies can purchase them. GSA officials have said they plan to begin testing by late spring.
NIST eventually also will list preapproved middleware products on the Web site.