FIPS 201: Difference between revisions
Content deleted Content added
The RedBurn (talk | contribs) →External links: official website first |
|||
| (13 intermediate revisions by 10 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|US Federal standard}} |
|||
[[File:Example PIV card.png|thumb|An example diagram of a Personal Identity Verification (PIV) card issued by various United States government agencies. Not all fields are used by all agencies.]] |
[[File:Example PIV card.png|thumb|An example diagram of a Personal Identity Verification (PIV) card issued by various United States government agencies. Not all fields are used by all agencies.]] |
||
'''FIPS 201''' ('''[[Federal Information Processing Standards|Federal Information Processing Standard]] Publication 201''') is a [[Federal government of the United States|United States federal government]] standard that specifies '''Personal Identity Verification''' ('''PIV''') requirements for Federal employees and contractors. |
'''FIPS 201''' ('''[[Federal Information Processing Standards|Federal Information Processing Standard]] Publication 201''') is a [[Federal government of the United States|United States federal government]] standard that specifies '''Personal Identity Verification''' ('''PIV''') requirements for Federal employees and contractors. |
||
In response to HSPD-12, the [[National Institute of Standards and Technology|NIST]] Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors |
In response to HSPD-12, the [[National Institute of Standards and Technology|NIST]] Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors to access Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the [[United States Secretary of Commerce|Secretary of Commerce]], and issued on February 25, 2005. |
||
This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.<ref>{{Cite journal|last=Technology|first=National Institute of Standards and|date=2013-09-05|title=Personal Identity Verification (PIV) of Federal Employees and Contractors|doi=10.6028/NIST.FIPS.201-3 |url=https://csrc.nist.gov/publications/detail/fips/201/3/final|language=en}}</ref> FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.<ref> |
|||
FIPS 201 together with [[National Institute of Standards and Technology|NIST]] SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV) are required{{Citation needed|reason=SP 800-78-3 says it is voluntary, not required|date=June 2011}} for U.S. Federal Agencies, but do not apply to US National Security systems.<ref>{{cite journal |
|||
{{cite journal |
|||
|title=Special Publication 800-78-4 — Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV) |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
|title=Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representation |
|||
|publisher=[[National Institute of Standards and Technology]] |
|publisher=[[National Institute of Standards and Technology]] |
||
| ⚫ | |||
|at=Section 1.1, Paragraph 2 |
|at=Section 1.1, Paragraph 2 |
||
| ⚫ | |||
|doi=10.6028/NIST.SP.800-73-4 |
|doi=10.6028/NIST.SP.800-73-4 |
||
| ⚫ | |||
|last1=Cooper |
|||
|doi-access=free |
|||
| ⚫ | |||
| ⚫ | |||
|last2=Ferraiolo |
|||
| ⚫ | |||
|last3=Mehta |
|||
| ⚫ | |||
| ⚫ | |||
|first4=Salvatore |
|||
| ⚫ | |||
|first5=Ramaswamy |
|||
| ⚫ | |||
|first6=Jason |
|||
| ⚫ | |||
FIPS 201 was replaced by FIPS 201-2<ref> |
|||
FIPS 201 was replaced by FIPS 201-2<ref>NIST ''FIPS PUB 201-2 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Personal Identity Verification (PIV) of Federal Employees and Contractors'' https://doi.org/10.6028/NIST.FIPS.201-2</ref> on September 5, 2013.<ref>Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491</ref> |
|||
{{Cite journal |
|||
|year=2013 |
|||
|title=Personal Identity Verification (PIV) of Federal Employees and Contractors |
|||
|doi=10.6028/NIST.FIPS.201-2 |
|||
|s2cid=113957449 |
|||
}}</ref> on September 5, 2013,<ref>Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491</ref> and by FIPS 201-3 in January 2022.<ref>Personal Identity Verification of Federal Employees and Contractors https://csrc.nist.gov/Projects/piv/piv-standards-and-supporting-documentation</ref> |
|||
[[File:Deputy Secretary P. Lynn Scarlett 48-DPA-K DS nbc 10-26-06 9278.jpg|thumb|Deputy Secretary of the Interior P. Lynn Scarlett demonstrating a PIV card in 2006]] |
[[File:Deputy Secretary P. Lynn Scarlett 48-DPA-K DS nbc 10-26-06 9278.jpg|thumb|Deputy Secretary of the Interior P. Lynn Scarlett demonstrating a PIV card in 2006]] |
||
| Line 38: | Line 41: | ||
==External links== |
==External links== |
||
* {{official website}} |
|||
* {{cite web |
* {{cite web |
||
|title = Interagency Advisory Board |
|title = Interagency Advisory Board |
||
| Line 50: | Line 54: | ||
|title=HSPD-12 — Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors |
|title=HSPD-12 — Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors |
||
|publisher=[[United States Department of Homeland Security|Department of Homeland Security]] |
|publisher=[[United States Department of Homeland Security|Department of Homeland Security]] |
||
|url=https://www.dhs.gov/xabout/laws/gc_1217616624097.shtm |
|url=https://www.dhs.gov/xabout/laws/gc_1217616624097.shtm |
||
|accessdate=2011-06-17 |
|||
}} |
|||
* {{cite web |
* {{cite web |
||
|title=About Personal Identity Verification (PIV) of Federal Employees and Contractors |
|title=About Personal Identity Verification (PIV) of Federal Employees and Contractors |
||
Latest revision as of 09:16, 20 December 2024
FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors to access Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.
This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors.[1] FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.[2]
FIPS 201 was replaced by FIPS 201-2[3] on September 5, 2013,[4] and by FIPS 201-3 in January 2022.[5]
The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.
See also
[edit]References
[edit]- ^ Technology, National Institute of Standards and (2013-09-05). "Personal Identity Verification (PIV) of Federal Employees and Contractors". doi:10.6028/NIST.FIPS.201-3.
{{cite journal}}: Cite journal requires|journal=(help) - ^
Cooper, David A.; Ferraiolo, Hildegard; Mehta, Ketan L.; Francomacaro, Salvatore; Chandramouli, Ramaswamy; Mohler, Jason (December 2010). "Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representation". National Institute of Standards and Technology. Section 1.1, Paragraph 2. doi:10.6028/NIST.SP.800-73-4.
NIST is responsible for developing standards and guidelines ... but such standards and guidelines shall not apply to national security systems.
{{cite journal}}: Cite journal requires|journal=(help) - ^
"Personal Identity Verification (PIV) of Federal Employees and Contractors". 2013. doi:10.6028/NIST.FIPS.201-2. S2CID 113957449.
{{cite journal}}: Cite journal requires|journal=(help) - ^ Federal Register Volume 78, Issue 172 (September 5, 2013) https://www.govinfo.gov/app/details/FR-2013-09-05/2013-21491
- ^ Personal Identity Verification of Federal Employees and Contractors https://csrc.nist.gov/Projects/piv/piv-standards-and-supporting-documentation
External links
[edit]- Official website
- "Interagency Advisory Board". IDManagement.gov. Archived from the original on 2011-08-11. Retrieved 2011-06-17.
- "HSPD-12 — Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors". Department of Homeland Security. Retrieved 2011-06-17.
- "About Personal Identity Verification (PIV) of Federal Employees and Contractors". National Institute of Standards and Technology Computer Security Resource Center. Retrieved 2011-06-17.
- "Federal PKI Policy Authority (FPKIPA)". IDManagement.gov. Archived from the original on 2011-06-08. Retrieved 2011-06-17.
- "FIPS 201 Evaluation Program". General Services Administration. Retrieved 2019-12-06.