Homeland Security Presidential Directive 12 (HSPD-12), issued by President George W. Bush on August 27, 2004, mandated the establishment of a standard for identification of Federal Government employees and contractors. HSPD-12 requires the use of a common identification credential for both logical and physical access to Federally controlled facilities and information systems.

The Department of Commerce and National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification. In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, issued on February 25, 2005, and a number of special publications that provide more detail on the implementation of the standard.

 

NIST Publications

• Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, NIST, February 25, 2005
• FIPS 201 Errata
• NIST PIV Program web site, http://csrc.nist.gov/piv-program
• NIST Special Publication 800-63 (SP 800-63), June 2004: Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology
• NIST Special Publication 800-73 (SP 800-73), April 2005: Interfaces for Personal Identity Verification
• NIST Special Publication 800-73 Supplemental Information: Namespace Management for Personal Identity Verification (PIV) Applications and Data Objects, May 17, 2005
• NIST Draft Special Publication 800-76 (SP 800-76), December 2005: Biometric Data Specification for Personal Identity Verification. The comment period for this draft closes at 5pm EST on Jan. 13, 2006. The comment template form is available at http://www.csrc.nist.gov/piv-project/fips201-support-docs.html website and should be submitted to DraftFips201@nist.gov.
• NIST Special Publication 800-78 (SP 800-78), April 2005: Cryptographic Algorithms and Key Sizes for Personal identity Verification
• NIST Special Publication 800-79 (SP 800-79), July 2005: Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations
• NIST Draft Special Publication 800-85 (SP 800-85), August 2005: PIV Middleware and PIV Card Application Conformance Test Guidelines (SP 800-73 compliance)
• NIST Draft Special Publication 800-87 (SP 800-87), August 2005: Codes for the Identification of Federal and Federally-Assisted Organizations

Office of Management and Budget (OMB) Guidance

• OMB Federal Identity Credentialing Committee web site, http://www.cio.gov/ficc/
• “Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors,” Office of Management and Budget Memorandum M-05-24, August 5, 2005
• “E-Authentication Guidance to Federal Agencies,” OMB Memorandum M-04-04, December 16, 2003

General Services Administration (GSA) Guidance on Implementation and Acquisition

• GSA smart card web site, http://www.smart.gov/whats_new.cfm
• “Acquisitions of Products and Services for Implementation of HSPD-12,” General Services Administration (GSA) memorandum, August 10, 2005
• Federal Identity Management Handbook (Draft), GSA publication, July 2005. This document provides specific implementation direction on course of action, schedule requirements, acquisition planning, migration planning, lessons learned, and case studies.

Federal Identity Credentialing Interagency Advisory Board (IAB) Publications

• IAB web site, http://www.smart.gov/IAB/
• Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.2, July 30, 2004 (PACS 2.2)

Presidential Directives

• Homeland Security Presidential Directive/HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004
• Homeland Security Presidential Directive/HSPD-11: Comprehensive Terrorist-Related Screening Procedures, August 27, 2004