Draft guidelines released for certifying PIV Card issuers

Draft guidelines have been released to help agencies verify that organizations issuing new governmentwide identification cards are up to the job.The new cards were mandated in , titled “Policy for a Common Identification Standard for Federal Employees and Contractors.” More detailed objectives for the Personal ID Verification (PIV) Card were laid out in , and specifications for the standard are spelled out in a series of special publications from the National Institute of Standards and Technology.A requirement of HSPD 12 is that card issuers be accredited. The most recent NIST publication, , provides Guidelines for Certification and Accreditation of PIV Card Issuing Organizations. The draft is offered for public comment until July 10.The new ID card will be an interoperable smart card that can be used across agencies. The cards will incorporate a common set of identity proofing and issuing standards, as well as other technologies. Agencies must have plans in place for implementing HSPD 12 this year, and have until October 2006 to begin issuing the cards.Each agency will be responsible for certifying and accrediting the issuer of its cards. Certification is the process of assessing the reliability, availability and capabilities of the issuer’s personnel, equipment, finances and support infrastructure. Accreditation — the management decision to authorize operation — is done by a designated authority within an agency.NIST has broken the certification and accreditation process into 10 tasks:Comments on the draft guidelines should be e-mailed to by July 10.More details on FIPS-201 and PIV Card specifications are available from the in special publications , Interfaces for Personal Identity Verification; , Biometric Data Specifications for Personal Identity Verification; and , Cryptographic Algorithms and Key Sizes for Personal Identity Verification.