NIST is announcing the initial public drafts of NIST SP 800-157r1
(Revision 1), Guidelines for
Derived Personal Identity Verification (PIV) Credentials,
and NIST SP 800-217, Guidelines for
Personal Identity Verification (PIV) Federation. These
two SPs complement Federal Information Processing Standard (FIPS) 201-3,
which defines the requirements and characteristics of government-wide
interoperable identity credentials used by federal employees and contractors.
- NIST SP 800-157 has been
revised to feature an expanded set of derived PIV credentials to include
public key infrastructure (PKI) and non-PKI-based phishing-resistant
multi-factor authenticators. - NIST SP 800-217 details
technical requirements on the use of federated PIV identity and the
interagency use of assertions to implement PIV federations backed by PIV identity
accounts and PIV credentials.
NIST will introduce both draft documents at a virtual workshop on February 1,
2023. Please see the workshop homepage
to register and attend the virtual event.
The public comment period for both draft publications is open
through March 24, 2023. See the publication details
for NIST SP 800-157r1
and NIST SP 800-217
to download the drafts and find instructions for submitting comments.
NOTE: A call for
patent claims is included on page iii of each draft. For additional
information, see the Information Technology Laboratory (ITL) Patent Policy –
Inclusion of Patents in ITL Publications.