Saturday, January 14, 2023

NIST Releases Two Draft Guidelines on Personal Identity Verification (PIV) Credentials

 NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials, and NIST SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation. These two SPs complement Federal Information Processing Standard (FIPS) 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors.

  • NIST SP 800-157 has been revised to feature an expanded set of derived PIV credentials to include public key infrastructure (PKI) and non-PKI-based phishing-resistant multi-factor authenticators.
  • NIST SP 800-217 details technical requirements on the use of federated PIV identity and the interagency use of assertions to implement PIV federations backed by PIV identity accounts and PIV credentials.

NIST will introduce both draft documents at a virtual workshop on February 1, 2023. Please see the workshop homepage to register and attend the virtual event. 

The public comment period for both draft publications is open through March 24, 2023. See the publication details for NIST SP 800-157r1 and NIST SP 800-217 to download the drafts and find instructions for submitting comments.

NOTE: A call for patent claims is included on page iii of each draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.