SILVER SPRING, Md. —The Security Industry Association’s (SIA) Personal Identity Verification (PIV) Working Group submitted new comments to the National Institute of Standards and Technology (NIST) regarding the revised draft of FIPS 201-2, the standard for PIV. SIA’s goal is to make the PIV card more usable in physical access control applications, especially those that address the high security objectives of Homeland Security Presidential Directive-12 (HSPD-12).
NIST released the first draft of the update to the 2005 FIPS 201 more than a year ago and has again sought industry input on their latest work product. Though NIST has extensively addressed the comments received on the first draft, it has also introduced a number of new concepts, which have drawn strong reaction from industry. One of the main issues is the need to get the specification fully effective near term, since it will not be changed for at least five years after its anticipated release in early 2013.
There are several issues that are important to SIA and the security industry, including the ability to achieve technical interoperability in Physical Access Control Systems (PACS); recognition of three-factor authentication (card, PIN, biometrics), a long time industry practice; and outdoor environmental challenges which necessitate the use of contactless readers. Per the current draft standard, contactless readers cannot be used for “High” or “Very High” confidence assurance levels.
“NIST has come a long way since 2004 when HSPD-12 dictated the first versions of PIV be brought to market,” says Rob Zivney, chair, PIV Working Group, SIA. “However, the initial implementations often used the basic card holder unique identifier [CHUID] reader technology, which is now being deprecated and demoted to low assurance levels, which is appropriate. Now we need to more fully embrace the cryptographic and biometric capabilities of the card so we can use them securely over the contactless interface for the highest three-factor authentication — even when embedded in a mobile phone.”
SIA has offered suggestions that would bring the new technology to the PIV card much sooner than waiting out current lifecycles of both the Standard and the PIV Card, Zivney says.
PIV card technology use has begun to spread beyond federal employees and contractors. A range of companies and entities that do business with the federal government — aerospace and defense contractors, international banks and state governments — use PIV-Interoperable (PIV-I). Seaports and truckers use the Transportation Worker Identification Credential (TWIC) in the private sector and first responders are using the First Responder Authentication Credential (FRAC). All of these and more are based on PIV. As a result, SIA’s comments are as critical to the private sector as they are for the federal sector for which PIV was originally chartered.
The view SIA’s comments, click here.
Other Recent News
May 15, 2013
SSI Editor-in-Chief Scott Goldfine will host a Fujitsu-sponsored Webinar titled "The Benefits of Using Biometric Authentication for Access Control" on May 21 at 2 p.m. EDT.
May 7, 2013
Traka USA, a developer of intelligent key and asset management solutions, and Lenel Systems Int’l have signed an agreement that allows Lenel to resell three base levels of Traka key cabinets to its customers in North America and Latin America.
April 30, 2013
Kastle Systems Int’l, a provider of managed security solutions, announced it has acquired cloud-based intelligent video surveillance manufacturer CheckVideo for an undisclosed amount.
March 27, 2013
Stanley Security Solutions (SSS), part of Stanley Black & Decker, has extended its partnership with EyeLock, a provider of iris-based identity authentication solutions.
March 20, 2013
The Physical Security Interoperability Alliance (PSIA) has released two new profiles — one for access control and the other for intrusion detection — as well as a tool for testing whether products conform to the profiles.