NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-73 Interfaces for Personal Identity Verification
Companion Document to FIPS 201
on Monday 06 February 2006 print the content item {PDF=create pdf file of the content item^plugin:content.50}
in NIST.gov Publications > Special Publications - SP 800 series

The Homeland Security Presidential Directive HSPD-12 called for a common identification standard to be adopted governing the interoperable use of identity credentials to allow physical and logical access to Federal government locations and systems. The Personal Identity Verification (PIV) of Federal Employees and Contractors, Federal Information Processing Standard 201 (FIPS 201) was developed to establish standards for identity credentials. This document, Special Publication 800-73 (SP 800-73), specifies interface requirements for retrieving and using the identity credentials from the PIV Card and is a companion document to FIPS 201.

Download the entire NIST SP 800-73 PDF

You may use the NIST.org Forum to ask questions or discuss this document.

Below is a short description of SP 800-73 from NIST.gov, edited:

FIPS 201 defines procedures for the PIV lifecycle activities including identity proofing, registration, PIV Card issuance, and PIV Card usage. FIPS 201 also specifies that the identity credentials must be stored on a smart card. This document contains technical specifications to interface with the smart card to retrieve and use the identity credentials. These specifications reflect the design goals of interoperability and PIV Card functions. The goals are addressed by specifying a PIV data model, communication interface, and application programming interface. Moreover, this specification enumerates requirements where the standards include options and branches. This document goes further by constraining implementers' interpretation of the normative standards. Such restrictions are designed to ease implementation, facilitate interoperability, and ensure performance, in a manner tailored for PIV applications.

This document specifies the PIV data model, Application Programming Interface (API), and card interface requirements necessary to comply with the mandated use cases, as defined in Section 6 of FIPS 201 and further elaborated in Section 1.7 below, for interoperability across deployments or agencies. Interoperability is defined as the use of PIV identity credentials such that client-application programs, compliant card applications and compliant integrated circuit cards (ICC) can be used interchangeably by all information processing systems across Federal agencies. The specification defines PIV data element identifiers, structure, and format. This specification also describes the client-application programming interface and the card command interface for use of the PIV Card. This document does not address the back-end processes that must be performed to attain full identity assertion.

---
The SP 800-73 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).


NIST Special Publication # 800-73


Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2014-9862 (mac_os_x)
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and ...
»CVE-2015-5738
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II ...
»CVE-2015-8946 (ecryptfs-utils, ubuntu_linux)
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from acti ...
»CVE-2016-0635 (documaker, enterprise_manager_ops_center, health_sciences_information_manager, healthcare_master_person_index, insurance_calculation_engine, insurance_policy_administration_j2ee, insurance_rules_palette, primavera_contract_management, primavera_p6_enterprise_project_portfolio_management, retail_integration_bus, retail_order_broker_cloud_service)
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manage ...
»CVE-2016-1374 (unified_computing_system_performance_manager)
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allo ...
»CVE-2016-1460 (wireless_lan_controller_software)
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers t ...
»CVE-2016-1462 (prime_service_catalog)
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Servic ...
»CVE-2016-1463 (firesight_system_software)
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypas ...
»CVE-2016-1465 (nx-os)
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attac ...
»CVE-2016-1467 (videoscape_session_resource_manager)
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of servic ...
»CVE-2016-1705 (chrome)
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a ...
»CVE-2016-1706 (chrome)
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC me ...
»CVE-2016-1707 (chrome)
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensu ...
»CVE-2016-1708 (chrome)
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome ...
»CVE-2016-1709 (chrome, sfntly)
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly befor ...


Date published: 2016-07-30T04:50:06Z
Details

»DHS Announces Cyber Incident Reporting Information
Original release date: July 29, 2016 The United States Department of Homeland Security (DHS) ...
»Google Releases Security Update for Chrome
Original release date: July 21, 2016 Google has released Chrome version 52.0.2743.82 to addre ...
»Cisco Releases Security Update
Original release date: July 20, 2016 | Last revised: July 25, 2016 Cisco has released a secur ...
»Oracle Releases Security Bulletin
Original release date: July 19, 2016 Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Oracle July 2016 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
»Drupal Releases Security Advisory
Original release date: July 18, 2016 Drupal has released an advisory to address a vulnerabili ...
»Apple Releases Multiple Security Updates
Original release date: July 18, 2016 Apple has released security updates for iTunes, Safari, ...
»Cisco Releases Security Updates
Original release date: July 14, 2016 Cisco has released security updates to address vulnerabi ...
»Microsoft Releases Security Updates
Original release date: July 12, 2016 Microsoft has released 11 updates to address vulnerabili ...
»Adobe Releases Security Updates
Original release date: July 12, 2016 Adobe has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: June 30, 2016 Cisco has released security updates to address vulnerabi ...


Date published: not known
Details

»Guest Blog: Malicious Scripts Gaining Prevalence in Brazil
In the run up to VB2016, we invited the conference sponsors to writ ...
»Romanian university website compromised to serve Neutrino exploit kit
The website of the Carol Davila University of Medicine and Pharmacy ...
»It's 2016. Can we stop using MD5 in malware analyses?
While there are no actually risks involved in using MD5s in malware ...
»Throwback Thursday: Holding the Bady
In 2001, ‘Code Red’ caused White House administrators to change the ...
»Paper: The Journey of Evasion Enters Behavioural Phase
A new paper by FireEye researcher Ankit Anubhav provides an overvie ...
»Guest blog: Espionage toolkit uncovered targeting Central and Eastern Europe
Recently, ESET researchers uncovered a new espionage toolkit target ...
»Avast acquires AVG for $1.3bn
Anti-virus vendor Avast has announced the acquisition of its rival ...
»Throwback Thursday: You Are the Weakest Link, Goodbye!
Passwords have long been a weak point in the security chain, despit ...
»Paper: New Keylogger on the Block
In a new paper published by Virus Bulletin, Sophos researcher Gabor ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» DHS Announces Cyber Incident Reporting Information
[29 Jul 2016 07:22pm]

» Google Releases Security Update for Chrome
[21 Jul 2016 11:27am]

» Cisco Releases Security Update
[20 Jul 2016 10:29am]

» Oracle Releases Security Bulletin
[19 Jul 2016 04:07pm]

» Drupal Releases Security Advisory
[18 Jul 2016 03:23pm]

» Apple Releases Multiple Security Updates
[18 Jul 2016 03:13pm]

» Cisco Releases Security Updates
[14 Jul 2016 07:09am]

» Microsoft Releases Security Updates
[12 Jul 2016 05:06pm]

» Adobe Releases Security Updates
[12 Jul 2016 10:55am]

» Cisco Releases Security Updates
[30 Jun 2016 05:35am]

***
US-CERT Alerts

» TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
[05 Jul 2016 08:50am]

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

***
Computerworld Security

» SwiftKey's typing predictions may have leaked users' emails
[29 Jul 2016 12:58pm]

» Android Trojan SpyNote leaks on underground forums
[29 Jul 2016 10:03am]

» Whistleblower Edward Snowden questions WikiLeaks' methods
[29 Jul 2016 04:51am]

» FBI probing possible hack of another Democratic Party organization
[28 Jul 2016 08:02pm]

» Trump's hacking comments rattle cybersecurity pros
[28 Jul 2016 05:28pm]

» The AdGholas malvertising campaign infected thousands of computers per day
[28 Jul 2016 12:51pm]

» Google beefs up Linux kernel defenses in Android
[28 Jul 2016 12:21pm]

» Security Sessions: Generational differences in security, privacy attitudes
[28 Jul 2016 06:00am]

» Microsoft mandates Windows 10 hardware change for PC security
[27 Jul 2016 03:33pm]

» Flaw with password manager LastPass could hand over control to hackers
[27 Jul 2016 02:22pm]

» Trump to Russian hackers: Help find Hillary Clinton's emails
[27 Jul 2016 12:30pm]

» Rival gang leaks decryption keys for Chimera ransomware
[27 Jul 2016 11:52am]

» 7 strategies to avoid CSO burnout
[27 Jul 2016 09:29am]

» KeySniffer: Hackers can snag wireless keyboard keystrokes from 250 feet away
[27 Jul 2016 07:31am]

» Surefire security fail: One. App. At. A. Time.
[27 Jul 2016 05:00am]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 11:00am]

***
WIRED

» Security News This Week: So, Turns Out WhatsApp Chats Stay Even if You Delete Them
[29 Jul 2016 04:00pm]

» How To Fool AI Into Seeing Something That Isn’t There
[29 Jul 2016 08:56am]

» Trump Asks Russia to Dig Up Hillary’s Emails in Unprecedented Remarks
[27 Jul 2016 11:49am]

» Here’s What We Know About Russia and the DNC Hack
[27 Jul 2016 07:30am]

» WikiLeaks Has Officially Lost the Moral High Ground
[27 Jul 2016 06:00am]

» Radio Hack Steals Keystrokes from Millions of Wireless Keyboards
[26 Jul 2016 07:30am]

» 11 Police Robots Patrolling Around the World
[24 Jul 2016 05:00am]

» The KickassTorrents Case Could Be Huge
[22 Jul 2016 07:00am]

» How the Republican Convention Fends Off Hackers
[21 Jul 2016 07:55am]

» Snowden Designs a Device to Warn if Your iPhone’s Radios Are Snitching
[21 Jul 2016 07:01am]

***
Network World Security

» Black Hat security conference trims insecure features from its mobile app
[29 Jul 2016 02:41pm]

» SwiftKey's typing predictions may have leaked users' emails
[29 Jul 2016 12:24pm]

» RNC attendees expose identity in free Wi-Fi trap
[29 Jul 2016 11:09am]

» New Android Trojan SpyNote leaks on underground forums
[29 Jul 2016 09:54am]

» Review: Promisec goes the extra step to secure PCs
[13 Jul 2016 06:21am]

» 4 tools for managing firewall rules
[07 Jul 2016 11:03am]

» 10 advanced endpoint protection tools
[05 Jul 2016 04:00am]

» How to buy endpoint security products
[05 Jul 2016 04:00am]

» 7 trends in advanced endpoint protection
[05 Jul 2016 04:00am]

» 10 cutting-edge tools that take endpoint security to a new level
[05 Jul 2016 04:00am]

» Buyer’s Guide to 9 multi-factor authentication products
[06 Jun 2016 04:00am]

» 5 trends shaking up multi-factor authentication
[06 Jun 2016 04:00am]

» 9-vendor authentication roundup: The good, the bad and the ugly
[06 Jun 2016 04:00am]

» Black Hat security conference trims insecure features from its mobile app
[29 Jul 2016 02:41pm]

» New Android Trojan SpyNote leaks on underground forums
[29 Jul 2016 09:54am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}