Jump to content

FIPS 201: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
External links: official website first
 
(26 intermediate revisions by 17 users not shown)
Line 1: Line 1:
{{Short description|US Federal standard}}
[[File:Example PIV card.png|thumb|An example diagram of a Personal Identity Verification (PIV) card issued by various United States government agencies. Not all fields are used by all agencies.]]
'''FIPS 201''' ('''[[Federal Information Processing Standards|Federal Information Processing Standard]] Publication 201''') is a [[Federal government of the United States|United States federal government]] standard that specifies '''Personal Identity Verification''' ('''PIV''') requirements for Federal employees and contractors.
'''FIPS 201''' ('''[[Federal Information Processing Standards|Federal Information Processing Standard]] Publication 201''') is a [[Federal government of the United States|United States federal government]] standard that specifies '''Personal Identity Verification''' ('''PIV''') requirements for Federal employees and contractors.


In response to HSPD-12, the [[National Institute of Standards and Technology|NIST]] Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the [[United States Secretary of Commerce|Secretary of Commerce]], and issued on February 25, 2005.
In response to HSPD-12, the [[National Institute of Standards and Technology|NIST]] Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors to access Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the [[United States Secretary of Commerce|Secretary of Commerce]], and issued on February 25, 2005.


This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.<ref>{{Cite journal|last=Technology|first=National Institute of Standards and|date=2013-09-05|title=Personal Identity Verification (PIV) of Federal Employees and Contractors|doi=10.6028/NIST.FIPS.201-3 |url=https://csrc.nist.gov/publications/detail/fips/201/3/final|language=en}}</ref> FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.<ref>
FIPS 201 together with [[National Institute of Standards and Technology|NIST]] SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV) are required{{Citation needed|reason=SP 800-78-3 says it is voluntary, not required|date=June 2011}} for U.S. Federal Agencies, but do not apply to US National Security systems.<ref>{{cite web|
{{cite journal
title=Special Publication 800-78-3 — Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)|
|last1=Cooper |first1=David A.
publisher=[[National Institute of Standards and Technology]]|
|last2=Ferraiolo |first2=Hildegard
date=December 2010|
|last3=Mehta |first3=Ketan L.
at=Section 1.1, Paragraph 2|
|last4=Francomacaro |first4=Salvatore
quote=NIST is responsible for developing standards and guidelines ... but such standards and guidelines shall not apply to national security systems.|
|last5=Chandramouli |first5=Ramaswamy
url=http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf|
|last6=Mohler |first6=Jason
format=PDF|
|date=December 2010
accessdate=2011-06-17}}</ref>
|title=Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representation
|publisher=[[National Institute of Standards and Technology]]
|at=Section 1.1, Paragraph 2
|doi=10.6028/NIST.SP.800-73-4
|quote=NIST is responsible for developing standards and guidelines ... but such standards and guidelines shall not apply to national security systems.
|doi-access=free
}}</ref>


FIPS 201 was replaced by FIPS 201-2<ref>
{{Cite journal
|year=2013
|title=Personal Identity Verification (PIV) of Federal Employees and Contractors
|doi=10.6028/NIST.FIPS.201-2
|s2cid=113957449
}}</ref> on September 5, 2013,<ref>Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491</ref> and by FIPS 201-3 in January 2022.<ref>Personal Identity Verification of Federal Employees and Contractors https://csrc.nist.gov/Projects/piv/piv-standards-and-supporting-documentation</ref>

[[File:Deputy Secretary P. Lynn Scarlett 48-DPA-K DS nbc 10-26-06 9278.jpg|thumb|Deputy Secretary of the Interior P. Lynn Scarlett demonstrating a PIV card in 2006]]
The [[Government Smart Card Interagency Advisory Board]] has indicated that to comply with FIPS 201 PIV II, US government agencies should use [[smart card]] technology.
The [[Government Smart Card Interagency Advisory Board]] has indicated that to comply with FIPS 201 PIV II, US government agencies should use [[smart card]] technology.


Line 20: Line 38:


==References==
==References==
{{reflist}}
<references />


==External links==
==External links==
* {{official website}}
* {{cite web
* {{cite web
|title = Interagency Advisory Board
|title = Interagency Advisory Board
Line 28: Line 47:
|url = http://www.idmanagement.gov/iab/
|url = http://www.idmanagement.gov/iab/
|accessdate = 2011-06-17
|accessdate = 2011-06-17
|deadurl = yes
|url-status = dead
|archiveurl = https://web.archive.org/web/20110811172348/http://www.idmanagement.gov/iab/
|archiveurl = https://web.archive.org/web/20110811172348/http://www.idmanagement.gov/iab/
|archivedate = 2011-08-11
|archivedate = 2011-08-11
|df =
}}
}}
* {{cite web|
* {{cite web
title=HSPD-12 — Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors|
|title=HSPD-12 — Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors
publisher=[[United States Department of Homeland Security|Department of Homeland Security]]|
|publisher=[[United States Department of Homeland Security|Department of Homeland Security]]
url=https://www.dhs.gov/xabout/laws/gc_1217616624097.shtm|
|url=https://www.dhs.gov/xabout/laws/gc_1217616624097.shtm
accessdate=2011-06-17}}
|accessdate=2011-06-17
}}
* {{cite web|
* {{cite web
title=About Personal Identity Verification (PIV) of Federal Employees and Contractors|
|title=About Personal Identity Verification (PIV) of Federal Employees and Contractors
publisher=[[National Institute of Standards and Technology]] Computer Security Resource Center|
|publisher=[[National Institute of Standards and Technology]] Computer Security Resource Center
url=http://csrc.nist.gov/groups/SNS/piv/|
|url=http://csrc.nist.gov/groups/SNS/piv/
accessdate=2011-06-17}}
|accessdate=2011-06-17
}}
* {{cite web
* {{cite web
|title=Federal PKI Policy Authority (FPKIPA)
|title=Federal PKI Policy Authority (FPKIPA)
Line 48: Line 68:
|url=http://www.idmanagement.gov/fpkipa/
|url=http://www.idmanagement.gov/fpkipa/
|accessdate=2011-06-17
|accessdate=2011-06-17
|deadurl=yes
|url-status=dead
|archiveurl=https://web.archive.org/web/20110608062553/http://www.idmanagement.gov/fpkipa/
|archiveurl=https://web.archive.org/web/20110608062553/http://www.idmanagement.gov/fpkipa/
|archivedate=2011-06-08
|archivedate=2011-06-08
|df=
}}
}}
* {{cite web|
* {{cite web
title=FIPS 201 Evaluation Program|
|title=FIPS 201 Evaluation Program
publisher=[[General Services Administration]]|
|publisher=[[General Services Administration]]
url=http://fips201ep.cio.gov/|
|url=https://www.idmanagement.gov/sell/fips201/
accessdate=2011-06-17}}
|accessdate=2019-12-06
}}

{{authority control}}


[[Category:Standards]]
[[Category:Standards of the United States]]

Latest revision as of 09:16, 20 December 2024

An example diagram of a Personal Identity Verification (PIV) card issued by various United States government agencies. Not all fields are used by all agencies.

FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors to access Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.

This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.[1] FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.[2]

FIPS 201 was replaced by FIPS 201-2[3] on September 5, 2013,[4] and by FIPS 201-3 in January 2022.[5]

Deputy Secretary of the Interior P. Lynn Scarlett demonstrating a PIV card in 2006

The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.

See also

[edit]

References

[edit]
  1. ^ Technology, National Institute of Standards and (2013-09-05). "Personal Identity Verification (PIV) of Federal Employees and Contractors". doi:10.6028/NIST.FIPS.201-3. {{cite journal}}: Cite journal requires |journal= (help)
  2. ^ Cooper, David A.; Ferraiolo, Hildegard; Mehta, Ketan L.; Francomacaro, Salvatore; Chandramouli, Ramaswamy; Mohler, Jason (December 2010). "Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representation". National Institute of Standards and Technology. Section 1.1, Paragraph 2. doi:10.6028/NIST.SP.800-73-4. NIST is responsible for developing standards and guidelines ... but such standards and guidelines shall not apply to national security systems. {{cite journal}}: Cite journal requires |journal= (help)
  3. ^ "Personal Identity Verification (PIV) of Federal Employees and Contractors". 2013. doi:10.6028/NIST.FIPS.201-2. S2CID 113957449. {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491
  5. ^ Personal Identity Verification of Federal Employees and Contractors https://csrc.nist.gov/Projects/piv/piv-standards-and-supporting-documentation
[edit]