The verification system for federal workers and contractors logging into federal networks or entering government facilities just got more secure, and has expanded to mobile devices. The National Institute for Standards and Technology (NIST) has come out with an updated version of the standard specification Personal Identification Verification (PIV) Card used by such employees. That common identification standard is known as the Federal Information Processing Standard (FIPS) 201-2 Personal Identity Verification (PIV) of Federal Employees and Contractors.
The updated PIV Card standard “provides a stronger authentication credential that combines new technology, including enhanced support for mobile devices and lessons learned from federal agencies,” according to NIST’s Web site. The new capabilities on the FIPS 201-2 Card include an option for deriving a credential to be used on mobile phones and tablets, as well as other enhanced security options. For example, a card’s credentials can now be updated remotely, cutting down on costs and travel for the cardholder to an issuing site.
The update also adds biometrics, like an “optional on-card fingerprint comparison capability” which “may be used as an alternate to the Personal Identification Number in use currently.” There is also now the option of using an iris pattern, which can be used alone or in with fingerprints, for stronger authentication. The optional iris pattern biometric is based on the ISO/IEC 19794-6 iris biometric standard, which was published in 2011. NIST also recently published Biometric Data Specifications for Personal Identity Verification (NIST Special Publication 800-76-2) to support FIPS 201.
"Offering a strong credential provides better identity assurance,” said Hildegard Ferraiolo, a computer scientist at NIST who was a co-author of the document, in the official press release.
The update to the original FIPS 201 does not require existing cards be replaced. To date almost 5 million cards have been issued. For more information, visit www.NIST.gov.