ANSI - American National Standards Institute
 Print this article  Previous Next 

Deadline Passes for Federal Agencies to Begin Issuing “Smart” ID cards

New York, Oct 27, 2006

Today marks the deadline for federal agencies to begin issuing new biometrics-based smart cards to its employees and contractors for access to federal buildings and information systems nationwide. The measure is part of the 2004 mandate, Homeland Security Presidential Directive 12 (HSPD-12), which called for a mandatory, government-wide standard for secure and reliable forms of identification to enhance government security and efficiency, reduce identity fraud, and protect personal privacy.

While agencies must begin issuing the personal identity verification (PIV) cards today, they have until October 27, 2008, to provide them to all employees. The implementation of the PIV system involves a significant degree of organizational change across federal agencies.

To assist in the implementation and deployment of these new forms of identification, the National Institute of Standards and Technology (NIST) spearheaded the development of an overarching standard, the Federal Information Processing Standard (FIPS) 201, Personal Identity Verification of Federal Employees and Contractors, and several supporting documents. FIPS 201 encompasses three technical publications covering several aspects of the initiative’s administrative procedures and technical specifications:

  • NIST Special Publication 800-73, Interfaces for Personal Identity Verification, outlines the interface and data elements of the card’s biometric information.

  • NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification, details procedures for the technical acquisition and formatting requirements of fingerprints and facial images used to authenticate identity. A revised draft of the document recently released for public comment includes clarified performance testing and certification procedures.

  • NIST Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, specifies the acceptable cryptographic algorithms and key sizes to be used for the PIV system.

According to NIST, the standards are likely to undergo revision as the PIV system is fully implemented and put into use. To enable interoperability between federal organizations so that cards issued by one agency can be used to gain to access to another, NIST has released NIST Special Publication 800-96, PIV Card to Reader Interoperability Guidelines to ensure compatibility between cards and readers from different vendors. Last spring, NIST conducted a PIV demonstration to test the compatibility of products from forty-four companies, concluding in a subsequent report that the products currently available offered viable solutions for meeting the HSPD-12 mandate.

NIST has identified several areas of focus for additional guidelines necessary to support the continued roll-out of the system. Future projects will include the development of standards that assure appropriate levels of security for all relevant applications, that support the electronic transmittal and storage of biometric data, and that protect the personal privacy of PIV system subscribers.

Additional information on the PIV program, FIPS 201, and supporting documents is available here.

ANSI Membership