Federal Information Processing Standard "Personal Identity Verification (PIV) of Federal Employees and Contractors" is a standard which requires compliance by all Federal executive departments and agencies. Zygma can help those bodies achieve their compliance by assisting with implementation against a specific set of compliance criteria (see below) or by undertaking independent audit or review. We can also help Federal bodies implement an ISMS which will demonstrate their FIPS 201 compliance.
FIPS 201 was prepared by the (US) National Institute of Standards and Technology (NIST) in response to the mandate of Homeland Security Presidential Directive #12 ( ), titled "Policy for a Common Identification Standard for Federal Employees and Contractors".
The essential part of HSPD-12 requires that the Secretary of Commerce (whom has ultimate responsibility for NIST) "promulgate in accordance with applicable law a Federal standard for secure and reliable forms of identification" and goes on to state that:
"Secure and reliable forms of identification" for purposes of this directive means identification that:
a) is issued based on sound criteria for verifying an individual employee's identity;
b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
c) can be rapidly authenticated electronically; and
d) is issued only by providers whose reliability has been established by an official accreditation process.
The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application."
FIPS 201 sets out requirements for the issuance of identity credentials. Broadly speaking, in Part I it sets out the requirements for identity proofing and vetting with which such systems must comply; in Part II it sets our the security requirements for identity credential cards which are considered to be sufficiently well-protected to fulfil the requirements of HSPD-12.
Beyond FIPS 201, NIST also produced a Special Publication to explicitly support the implementation of HDPS-12 and FIPS 201: "Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations", to which Zygma's CEO, Richard Wilsher, was an acknowledged contributor.
FIPS 201 provides extensive direction as to the mechanisms which agencies should implement within their PIV systems. These are principally in Part I of the requirements, but some parts of Part II are also applicable. However, the style and presentation within FIPS 201 does not make it easy to readily identify those requirements, nor to explicitly reference them in order to show compliance.
FIPS 201 compliance criteria
As an aid to Federal and State executive departments and agencies, and other bodies seeking to comply with HSPD-12 and interpretation of FIPS 201, GSA tasked Zygma with the preparation of a set of criteria which set out concisely the precise requirements for FIPS 201 compliance.
The resultant criteria and their mapping back to FIPS 201 can be downloaded by . This document is not the official Federal Identity Credentialing Committee () version of these criteria, but the technical contents (therefore the criteria) are identical and this document is a lot more 'user-friendly'.
Back to Top»»
Support to HSPD-12 & FIPS 201 compliance
Zygma can provide support to organizations implementing FIPS 201-compliant PIV systems, either through direct involvement with the development of the system or by providing audit or review services. We can also help you build an ISMS which ensures and demonstrates that compliance.
to discuss your needs. Federal and State agencies should also review Zygma's 70 offerings which can cover the development of PIV systems.
Back to Top»»