FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors

Posted: Jan 24, 2022

The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. See the Federal Register Notice announcing FIPS 201-3 approval at https://www.federalregister.gov/d/2022-01246.

Available Online

FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors

Summary of Changes

FIPS 201-3 addresses the comments received during the public comment period in November 2020. High-level changes include:

  • Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services
  • Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials
  • Focus on the use of federation to facilitate interoperability and interagency trust
  • Addition of supervised remote identity proofing processes
  • Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS)
  • Support for the secure messaging authentication mechanism (SM-AUTH)

A detailed list of changes is available in FIPS 201-3, Appendix E, Revision History, and all comments and dispositions can be found on the project repository or in the 2020 Draft comments and dispositions.

More Information:

A printable PDF is available on the NIST Computer Security Resource Center at https://csrc.nist.gov/publications/detail/fips/201/3/final.

For more information about the PIV standard and associated technical guidelines, see the PIV Project Page on the Computer Security Resource Center.