NPFC - FIPS PUB 201
Personal Identity Verification (PIV) of Federal Employees and Contractors
|Publication Date:||1 August 2013|
Homeland Security Presidential Directive-12 [HSPD-12], signed by President George W. Bush on August 27, 2004, established the requirements for a common identification standard for identity credentials issued by Federal departments and agencies to Federal employees and contractors (including contractor employees) for gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems. HSPD-12 directs the Department of Commerce to develop a Federal Information Processing Standards (FIPS) publication to define such a common identity credential. In accordance with HSPD-12, this Standard defines the technical requirements for the identity credential that-
(a) is issued based on sound criteria for verifying an individual employee's identity;
(b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
(c) can be rapidly authenticated electronically; and
(d) is issued only by providers whose reliability has been established by an official accreditation process.
This Standard defines authentication mechanisms offering varying degrees of security for both logical and physical access applications. Federal departments and agencies will determine the level of security and authentication mechanisms appropriate for their applications. This Standard does not specify access control policies or requirements for Federal departments and agencies. Therefore, the scope of this Standard is limited to authentication of an individual's identity. Authorization and access control decisions are outside the scope of this Standard. Moreover, requirements for a temporary card used until a new or replacement PIV Card arrives are out of scope of this Standard.
This Standard defines a reliable, government-wide identity credential for use in applications such as access to Federally controlled facilities and information systems. This Standard has been developed within the context and constraints of Federal law, regulations, and policy based on currently available and evolving information processing technology.
This Standard specifies a PIV system within which a common identity credential can be created and later used to verify a claimed identity. The Standard also identifies Federal government-wide requirements for security levels that are dependent on risks to the facility or information being protected.