FIPS 201

Abstract: (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of non-national security-related information in Federal information systems. This Interagency Report discusses ITL's research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Abstract: This document, Special Publication 800-76, is a companion document to FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors. It describes technical acquisition and formatting specifications for the biometric credentials of the PIV system, including the PIV Card itself. It enumerates procedures and formats for fingerprints and facial images by restricting values and practices included generically in published biometric standards. The primary design objective behind these particular specifications is high performance universal interoperability. For the preparation of biometric data suitable for the Federal Bureau of Investigation (FBI) background check, SP 800-76 references FBI documentation, including the ANSI/NIST Fingerprint Standard and the Electronic Fingerprint Transmission Specification. This document does not preclude use of other biometric modalities in conjunction with the PIV card.

Abstract: This paper presents several smart card security extensions to the FIPS 201 PIV standard of security and authentication of mobile health. Our contributions are designed to better protect the patient's data and to increase the functionality and interoperability of smart cards in health care. Our solution, called SAMSON, consists of two types of smart cards. The first, a security card, is issued to all personnel within any medical organization, while the second, the medical card, is issued to patients and used to securely store and retrieve health care information. These smart cards are being tested within a 14 hospital federated consortium in Michigan's Upper Peninsula.

Abstract: (NIST) has several efforts underway to help federal agencies implement Federal Information Processing Standard (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors. The standard, which was approved by the Secretary of Commerce in February 2005, supports improved security for the forms of identification that are used to gain access to government facilities and information. Citing the need for better quality and security of the processes for identifying individuals, Homeland Security Presidential Directive (HSPD) 12, issued in August 2004, called for the development of a mandatory, government-wide standard for secure and reliable forms of identification for government employees and contractors. The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has several efforts underway to help federal agencies implement Federal Information Processing Standard (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors. The standard, which was approved by the Secretary of Commerce in February 2005, supports improved security for the forms of identification that are used to gain access to government facilities and information. Citing the need for better quality and security of the processes for identifying individuals, Homeland Security Presidential Directive (HSPD) 12, issued in August 2004, called for the development of a mandatory, government-wide standard for secure and reliable forms of identification for government employees and contractors. FIPS 201 specifies technical and operational requirements for interoperable PIV systems that issue PIV cards as identification credentials and that use the cards to authenticate an individual's identity. Authentication of an individual's identity is an essential component of secure access control to facilities and to information systems. NIST recently developed supplementary guidelines and recommendations that support agencies in implementing the technical and administrative requirements of FIPS 201. Some of these publications are available in final form, and some are currently available as draft documents that will be finalized in the near future. To help agencies acquire PIV systems that correctly implement FIPS 201, NIST has started a conformance testing program for the standard. FIPS 201 specifies technical and operational requirements for interoperable PIV systems that issue PIV cards as identification credentials and that use the cards to authenticate an individual's identity. Authentication of an individual's identity is an essential component of secure access control to facilities and to information systems. NIST recently developed supplementary guidelines and recommendations that support agencies in implementing the technical and administrative requirements of FIPS 201. Some of these …