NIST issues revised FIPS 201
WASHINGTON—The National Institute of Standards and Technology has released a new draft of its security standard for the Personal Identity Verification cards that all federal employees and contractors must use.
The institute is seeking public comments on this revised version of the Federal Information Processing Standard (FIPS) 201, which is intended to be the last draft before the final version is published.
The original FIPS 201, released in February 2005, required all PIV cards to contain an integrated circuit chip for storing electronic information, a personal identification number and protected biometric data (a printed photograph and two fingerprints).
The initial document indicated the standard should be reviewed after five years, so the revisions should not be a surprise, according to NIST computer security researcher Hildegard Ferraiolo. "After implementing the standard, federal departments and agencies learned a number of lessons that, combined with technological changes over the years, made an update worthwhile," he said in a statement.
The revisions will not require anyone to replace their current PIV card, Ferraiolo said, but will make new cards more flexible and effective.
Among the revisions are the ability to update a card's credentials remotely without the need to appear in person where the cards are issued; to create additional credentials for use on mobile devices such as smart phones; and to offer additional capabilities, such as on-card fingerprint comparison and the option to collect and store iris biometric data on the card. These new capabilities will provide flexibility when selecting the appropriate level of security for PIV card holders.
The revision also changes the maximum life of a PIV card from five to six years.
Comments on the revised document should be submitted by email to email@example.com, and must be received by August 10, 2012. Comments will be incorporated into the final version, to be called FIPS 201-2.
NIST also is holding a free public workshop to discuss the revised draft next week. Register online for the July 25 workshop here. The workshop will be webcast as well.