NIST Releases Two Draft Guidelines on Personal Identity Verification (PIV) Credentials

 NIST is announcing the initial public drafts of NIST SP 800-157r1
(Revision 1),
Guidelines for
Derived Personal Identity Verification (PIV) Credentials
and NIST SP 800-217,
Guidelines for
Personal Identity Verification (PIV) Federation
two SPs complement Federal Information Processing Standard
(FIPS) 201-3,
which defines the requirements and characteristics of government-wide
interoperable identity credentials used by federal employees and contractors.

  • NIST SP 800-157 has been
    revised to feature an expanded set of derived PIV credentials to include
    public key infrastructure (PKI) and non-PKI-based phishing-resistant
    multi-factor authenticators.
  • NIST SP 800-217 details
    technical requirements on the use of federated PIV identity and the
    interagency use of assertions to implement PIV federations backed by PIV identity
    accounts and PIV credentials.

NIST will introduce both draft documents at a virtual workshop on February 1,
. Please see the workshop homepage
to register and attend the virtual event. 

The public comment period for both draft publications is open
through March 24, 2023.
See the publication details
for NIST SP 800-157r1
and NIST SP 800-217
to download the drafts and find instructions for submitting comments.

NOTE: A call for
patent claims is included on page iii of each draft. For additional
information, see the 
Information Technology Laboratory (ITL) Patent Policy –
Inclusion of Patents in ITL Publications