The IT Law Wiki


National Institute of Standards and Technology, Personal Identity Verification (PIV) of Federal Employees and Contractors (FIPS 201-1) (Mar. 2006) (including Change Notice 1 of June 23, 2006) (full-text).


This standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The overall goal is to achieve appropriate security assurance for multiple applications by efficiently verifying the claimed identity of individuals seeking physical access to Federally controlled government facilities and electronic access to government information systems.

The standard contains two major sections. Part one describes the minimum requirements for a Federal personal identity verification system that meets the control and security objectives of Homeland Security Presidential Directive 12, including personal identity proofing, registration, and issuance. Part two provides detailed specifications that will support technical interoperability among PIV systems of Federal departments and agencies. It describes the card elements, system interfaces, and security controls required to securely store, process, and retrieve identity credentials from the card. The physical card characteristics, storage media, and data elements that make up identity credentials are specified in this standard. The interfaces and card architecture for storing and retrieving identity credentials from a smart card are specified in Special Publication 800-73, "Interfaces for Personal Identity Verification." Similarly, the interfaces and data formats of biometric information are specified in Special Publication 800-76, "Biometric Data Specification for Personal Identity Verification."

This standard does not specify access control policies or requirements for Federal departments and agencies.