Jump to content

FIPS 201: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
External links: snap link
External links: official website first
 
(45 intermediate revisions by 29 users not shown)
Line 1: Line 1:
{{Short description|US Federal standard}}
'''FIPS 201 ([[Federal Information Processing Standard]]s Publication 201)''' is a [[United States]] federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
[[File:Example PIV card.png|thumb|An example diagram of a Personal Identity Verification (PIV) card issued by various United States government agencies. Not all fields are used by all agencies.]]
'''FIPS 201''' ('''[[Federal Information Processing Standards|Federal Information Processing Standard]] Publication 201''') is a [[Federal government of the United States|United States federal government]] standard that specifies '''Personal Identity Verification''' ('''PIV''') requirements for Federal employees and contractors.


In response to HSPD-12<ref>HSPD-12, [http://csrc.nist.gov/drivers/documents/Presidential-Directive-Hspd-12.html HSPD-12, Homeland Security Presidential Directive 12]</ref>, the [[NIST]] Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD 12, approved by the [[Secretary of Commerce]], and issued on February 25, 2005.
In response to HSPD-12, the [[National Institute of Standards and Technology|NIST]] Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors to access Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the [[United States Secretary of Commerce|Secretary of Commerce]], and issued on February 25, 2005.


This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.<ref>{{Cite journal|last=Technology|first=National Institute of Standards and|date=2013-09-05|title=Personal Identity Verification (PIV) of Federal Employees and Contractors|doi=10.6028/NIST.FIPS.201-3 |url=https://csrc.nist.gov/publications/detail/fips/201/3/final|language=en}}</ref> FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.<ref>
FIPS 201 together with [[National Institute of Standards and Technology|NIST]] SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV) are required for U.S. Federal Agencies but do not apply to US national security systems.<ref>NIST SP 800-78 [http://csrc.nist.gov/publications/nistpubs/800-78-1/SP-800-78-1_final2.pdf Cryptographic Algorithms and Key Sizes for Personal Identity Verification]</ref>
{{cite journal
|last1=Cooper |first1=David A.
|last2=Ferraiolo |first2=Hildegard
|last3=Mehta |first3=Ketan L.
|last4=Francomacaro |first4=Salvatore
|last5=Chandramouli |first5=Ramaswamy
|last6=Mohler |first6=Jason
|date=December 2010
|title=Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representation
|publisher=[[National Institute of Standards and Technology]]
|at=Section 1.1, Paragraph 2
|doi=10.6028/NIST.SP.800-73-4
|quote=NIST is responsible for developing standards and guidelines ... but such standards and guidelines shall not apply to national security systems.
|doi-access=free
}}</ref>


FIPS 201 was replaced by FIPS 201-2<ref>
The SmartCard Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II US government agencies should use [[smart card]] technology.<ref>IAB [http://www.smart.gov/iab/ Interagency Advisory Board]</ref>
{{Cite journal
|year=2013
|title=Personal Identity Verification (PIV) of Federal Employees and Contractors
|doi=10.6028/NIST.FIPS.201-2
|s2cid=113957449
}}</ref> on September 5, 2013,<ref>Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491</ref> and by FIPS 201-3 in January 2022.<ref>Personal Identity Verification of Federal Employees and Contractors https://csrc.nist.gov/Projects/piv/piv-standards-and-supporting-documentation</ref>

[[File:Deputy Secretary P. Lynn Scarlett 48-DPA-K DS nbc 10-26-06 9278.jpg|thumb|Deputy Secretary of the Interior P. Lynn Scarlett demonstrating a PIV card in 2006]]
The [[Government Smart Card Interagency Advisory Board]] has indicated that to comply with FIPS 201 PIV II, US government agencies should use [[smart card]] technology.


==See also==
==See also==
*[[Common Access Card]]
*[[Common Access Card]]
*[[Federal Information Processing Standards]]


==References==
==References==
{{reflist}}
<references />


==External links==
==External links==
* {{official website}}
* [http://csrc.nist.gov/piv-program/index.html PIV Information ]
* {{cite web
* [http://csrc.nist.gov/npivp/ PIV News]
|title = Interagency Advisory Board
* [http://www.idmanagement.gov/fpkipa/ Shared Service Providers ]
|publisher = IDManagement.gov
* [http://fips201ep.cio.gov/apl.php FIPS 201 Evaluation Program Approved Products List (APL)]
|url = http://www.idmanagement.gov/iab/
[[Category:Standards]]
|accessdate = 2011-06-17
|url-status = dead
|archiveurl = https://web.archive.org/web/20110811172348/http://www.idmanagement.gov/iab/
|archivedate = 2011-08-11
}}
* {{cite web
|title=HSPD-12 — Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors
|publisher=[[United States Department of Homeland Security|Department of Homeland Security]]
|url=https://www.dhs.gov/xabout/laws/gc_1217616624097.shtm
|accessdate=2011-06-17
}}
* {{cite web
|title=About Personal Identity Verification (PIV) of Federal Employees and Contractors
|publisher=[[National Institute of Standards and Technology]] Computer Security Resource Center
|url=http://csrc.nist.gov/groups/SNS/piv/
|accessdate=2011-06-17
}}
* {{cite web
|title=Federal PKI Policy Authority (FPKIPA)
|publisher=IDManagement.gov
|url=http://www.idmanagement.gov/fpkipa/
|accessdate=2011-06-17
|url-status=dead
|archiveurl=https://web.archive.org/web/20110608062553/http://www.idmanagement.gov/fpkipa/
|archivedate=2011-06-08
}}
* {{cite web
|title=FIPS 201 Evaluation Program
|publisher=[[General Services Administration]]
|url=https://www.idmanagement.gov/sell/fips201/
|accessdate=2019-12-06
}}

{{authority control}}


[[Category:Standards of the United States]]
[[ja:FIPS 201]]

Latest revision as of 09:16, 20 December 2024

An example diagram of a Personal Identity Verification (PIV) card issued by various United States government agencies. Not all fields are used by all agencies.

FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors to access Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.

This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.[1] FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.[2]

FIPS 201 was replaced by FIPS 201-2[3] on September 5, 2013,[4] and by FIPS 201-3 in January 2022.[5]

Deputy Secretary of the Interior P. Lynn Scarlett demonstrating a PIV card in 2006

The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.

See also

[edit]

References

[edit]
  1. ^ Technology, National Institute of Standards and (2013-09-05). "Personal Identity Verification (PIV) of Federal Employees and Contractors". doi:10.6028/NIST.FIPS.201-3. {{cite journal}}: Cite journal requires |journal= (help)
  2. ^ Cooper, David A.; Ferraiolo, Hildegard; Mehta, Ketan L.; Francomacaro, Salvatore; Chandramouli, Ramaswamy; Mohler, Jason (December 2010). "Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representation". National Institute of Standards and Technology. Section 1.1, Paragraph 2. doi:10.6028/NIST.SP.800-73-4. NIST is responsible for developing standards and guidelines ... but such standards and guidelines shall not apply to national security systems. {{cite journal}}: Cite journal requires |journal= (help)
  3. ^ "Personal Identity Verification (PIV) of Federal Employees and Contractors". 2013. doi:10.6028/NIST.FIPS.201-2. S2CID 113957449. {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491
  5. ^ Personal Identity Verification of Federal Employees and Contractors https://csrc.nist.gov/Projects/piv/piv-standards-and-supporting-documentation
[edit]