Guidelines Issued for Certifying, Accrediting PIV Card Issuers

The National Institute of Standards and Technology (NIST) has developed guidelines for federal agencies to use in planning and designing certification and accreditation procedures for issuing Personal Identity Verification (PIV) cards to employees and contractors. This is the next step in the effort begun last February when NIST announced Federal Information Processing Standard (FIPS) 201 for the smart-card-based form of identification. A Presidential homeland security directive required development of the government-wide, mandatory standard. The directive also specified that card issuers must be certified and accredited.

The certification and accreditation process consists of four phases: initiation, certification, accreditation and monitoring. A set of tasks to be carried out by agency officials is specified for each phase. The primary responsibilities of a PIV card issuer include verifying the identity and registering individuals to be issued a card, creating and issuing PIV cards, and managing the life cycle of the cards.

NIST plans to review the guidelines in a year and revise them based on additional information and experience gained by agencies in implementing the standard, creating and operating PIV card issuing processes, and certifying and accrediting the reliability of card issuers. Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations (NIST Special Publication 800-79) and additional information on the PIV standard is available at http://csrc.nist.gov/piv-program/index.html.