The following are links to various web sites or documents related to FIPS 201. Each link includes a short commentary on the document or web site that is referenced in the link.

#1 HSPD-12

Homeland Security Presidential Directive #12 (HSPD-12) was signed by President George W. Bush on August 27, 2004. This Directive started the process that resulted in the issuance of FIPS 201, numerous Special Publications, OMB Directives, the issuance of PIV credentials, and a move by the Executive Branch of the federal government to standardize across agencies on the process to vet personnel, issue credentials, and the technology inside the credential.

 

#2 FIPS 201

Federal Information Processing Standard 201 Revision 2 (FIPS 201-2) is the Standard, or requirement, for the issuance of identification credentials, PIV or CAC, within the Executive branch of the federal government. All FIPS documents are generated and published by the National Institute of Standards and Technology (NIST). There are 2 pervious iterations of FIPS 201, the original FIPS 201 and FIPS 201-1, that are no longer in force. A compliant system, solution, or agency, must comply with the most current requirement. There are numerous supporting documents from NIST with in the SP800 series and guidance from the Office of Management and Budget (OMB) that require the require the use of complaint credentials.

 

#3 NIST SP800 Series

National Institute of Standards and Technology Special Publication Series 800 (NIST SP800) all relate to the security of information and information systems. The entire series is available at the link above. Some of the Special Publications that directly relate to PIV Identity Verification (PIV) credentials include:

 

#4 SP800-63

Electronic Authentication Guideline discusses the methods for authenticating users of electronic information systems.

 

#5 SP800-73

Interfaces for Personal Identity Verification – Part 1: PIV Card Application Namespace, Data Model and Representations discusses the operations of the card, how and where data is stored on the card, how data is retrieved from the card, and how other systems interact with the card.

 

#6 SP800-79

Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI) provides the guidelines for those that issue the PIV and CAC. The purpose of these guidelines is to provide a common, minimum standard for the process used to issue the credential.

 

#7 SP800-116

A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS) discusses how the PACS should be deployed and the PIV utilized with that PACS. This, in many ways, follows along the CIO Council, Identity and Credential Access Management Sub Committee (ICAM) Roadmap on the implementation of PACS.