FIPS 201 Resources

Homeland Security Presidential Directive 12 (HSPD-12), issued by President George W. Bush on August 27, 2004, mandated the establishment of a standard for identification of Federal Government employees and contractors. HSPD-12 requires the use of a common identification credential for both logical and physical access to Federally controlled facilities and information systems.

The Department of Commerce and National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification. In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, issued on February 25, 2005, and a number of special publications that provide more detail on the implementation of the standard.

Both Federal agencies and enterprises are now planning or implementing FIPS 201-compliant ID programs. The resources below were compiled by the Smart Card Alliance Physical Access Council to assist organizations with their implementation of FIPS 201.

Smart Card Alliance Publications

• Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials, Smart Card Alliance Physical Access Council white paper developed in collaboration with the Open Security Exchange, Security Industry Association and International Biometric Industry Association, September 2007
• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience, Smart Card Alliance Physical Access Council white paper, May 2007
• Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility, Smart Card Alliance Physical Access Council white paper, September 2006
• FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems, a Smart Card Alliance Physical Access Council white paper, September 2005
• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience, Smart Card Alliance Physical Access Council white paper, May 2007
• Physical Access Control Systems and FIPS 201, a Smart Card Alliance Physical Access Council briefing presentation, January 2006

NIST Publications

• Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, NIST, February 25, 2005
• FIPS 201 Errata
• NIST PIV Program web site, http://csrc.nist.gov/piv-program
• NIST Special Publication 800-63 (SP 800-63), June 2004: Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology
• NIST Special Publication 800-73 (SP 800-73), April 2005: Interfaces for Personal Identity Verification
• NIST Special Publication 800-73 Supplemental Information: Namespace Management for Personal Identity Verification (PIV) Applications and Data Objects, May 17, 2005
• NIST Draft Special Publication 800-76 (SP 800-76), December 2005: Biometric Data Specification for Personal Identity Verification. The comment period for this draft closes at 5pm EST on Jan. 13, 2006. The comment template form is available at http://www.csrc.nist.gov/piv-project/fips201-support-docs.html website and should be submitted to DraftFips201@nist.gov.
• NIST Special Publication 800-78 (SP 800-78), April 2005: Cryptographic Algorithms and Key Sizes for Personal identity Verification
• NIST Special Publication 800-79 (SP 800-79), July 2005: Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations
• NIST Draft Special Publication 800-85 (SP 800-85), August 2005: PIV Middleware and PIV Card Application Conformance Test Guidelines (SP 800-73 compliance)
• NIST Draft Special Publication 800-87 (SP 800-87), August 2005: Codes for the Identification of Federal and Federally-Assisted Organizations

Office of Management and Budget (OMB) Guidance

• OMB Federal Identity Credentialing Committee web site, http://www.cio.gov/ficc/
• “Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors,” Office of Management and Budget Memorandum M-05-24, August 5, 2005
• “E-Authentication Guidance to Federal Agencies,” OMB Memorandum M-04-04, December 16, 2003

General Services Administration (GSA) Guidance on Implementation and Acquisition

• GSA smart card web site, http://www.smart.gov/whats_new.cfm
• “Acquisitions of Products and Services for Implementation of HSPD-12,” General Services Administration (GSA) memorandum, August 10, 2005
• Federal Identity Management Handbook (Draft), GSA publication, July 2005. This document provides specific implementation direction on course of action, schedule requirements, acquisition planning, migration planning, lessons learned, and case studies.

Federal Identity Credentialing Interagency Advisory Board (IAB) Publications

• IAB web site, http://www.smart.gov/IAB/
• Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.2, July 30, 2004 (PACS 2.2)

Presidential Directives

• Homeland Security Presidential Directive/HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004
• Homeland Security Presidential Directive/HSPD-11: Comprehensive Terrorist-Related Screening Procedures, August 27, 2004

Industry Associations

• International Biometric Industry Association (IBIA), http://www.ibia.org
• Open Security Exchange, http://www.opensecurityexchange.org
• Security Industry Association (SIA), http://www.siaonline.org
• Smart Card Alliance, http://www.smartcardalliance.org

Other Resources

• FIPS201.com, a complete source for FIPS 201 and GSA Approved Identity and Credentialing Products from Avisian Publications