NIST seeking comments on PIV interface standards

The National Institute of Standards and Technology has issued draft specifications for smart cards to retrieve and use identity credentials under Federal Information Processing Standard 201.

NIST Special Publication 800-73-1 specifies a personal-identification verification data model, communication interface and application programming interface. The document also 'constrains implementers' interpretation of the standards to ease implementation, facilitate interoperability and ensure performance.'

SP 800-73-1 includes standard interfaces for transitional approaches that some agencies, such as the Defense Department, are taking and end-point approaches, which many agencies that don't have card systems in place, are taking. NIST will accept comments through Feb. 28.

The release of the draft specification comes on the heels of NIST's pre-approval to two more smart cards that would meet PIV II. A card from GemPlus SA of Luxembourg and another from Sagem Orga of Paderborn, Germany, are going through the pre-approval process. NIST also has pre-approved three middleware products from Sagem, GemPlus and ActivCard Inc. of Freemonst, Calif.

The smart cards must now undergo testing for compliance with FIPS-140-2 Cryptographic Module Validation Program to ensure they still conform to the security requirements. Because smart cards that include the PIV application are cryptographic modules, conformance to FIPS-140-2 needs to be re-examined to make sure they continue to conform, NIST officials have said.

Oberthur Card Systems of Rancho Dominguez, Calf., had the first card pre-approved, and its certification is under NIST review, according to NIST's Web site.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected