The National Institute of Standards and Technology released the second draft version of its updated security standard for identity credentials in personal identity verification cards, also known as PIV cards.
The document, Personal Identity Verification of Federal Employees and Contractors, is now open for public comment. Comments can be submitted by email to firstname.lastname@example.org and must be received by August 10, 2012.
The document is the next step towards updating Federal Information Processing Standard (FIPS) 201, published in February 2005.
"The original FIPS 201 indicates the standard should be reviewed after five years to see if changes need to be made," said NIST computer security researcher Hildegard Ferraiolo. "After implementing the standard, federal departments and agencies learned a number of lessons that, combined with technological changes over the years, made an update worthwhile."
Ferraiolo said improvements in the revised draft include:
- Update a card's credentials remotely without the need to appear in person at the issuer site, a change that should create significant cost savings.
- Create additional credential(s) for use on mobile devices such as smart phones.
- Offer additional capabilities, such as secure messaging and on-card fingerprint comparison, to provide more flexibility in selecting the appropriate level of security for federal applications that use the PIV card for authentication.