In 2018: Zygma completed 25 years of continuous independent operations; drafted and edited Kantara's NIST SP 800-63 rev.3 IAL2/AAL2 Service Assessment Criteria; managed on behalf of a client the first SP 800-63 rev.3 service assessment (the service was the first to receive Kantara's "NIST 800-63 rev.3" Approval); performed three Kantara Service Assessments, each resulting in a Grant of Approval; transitioned to operating as an S-Corporation.




HSPD-12 & FIPS 201

FIPS 201
FIPS 201 compliance criteria
Support for HSPD-12 & FIPS 201 compliance



Federal Information Processing Standard 201 (FIPS 201), "Personal Identity Verification (PIV) of Federal Employees and Contractors", is a standard with which all Federal executive departments and agencies are required to comply.  Zygma can help those bodies achieve compliance, either by assisting with implementation against a specific set of compliance criteria (see below) or by undertaking an independent audit or review.  We can also help Federal bodies implement an ISMS which demonstrates their FIPS 201 compliance.

FIPS 201 was prepared by the (US) National Institute of Standards and Technology (NIST) in response to the mandate of Homeland Security Presidential Directive 12 (HSPD-12), titled "Policy for a Common Identification Standard for Federal Employees and Contractors".

The essential part of HSPD-12 requires that the Secretary of Commerce (who has ultimate responsibility for NIST) "promulgate in accordance with applicable law a Federal standard for secure and reliable forms of identification", and goes on to state that:

"Secure and reliable forms of identification" for purposes of this directive means identification that:
   a) is issued based on sound criteria for verifying an individual employee's identity;
   b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
   c) can be rapidly authenticated electronically; and
   d) is issued only by providers whose reliability has been established by an official accreditation process.
The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application."

FIPS 201
FIPS 201 sets out requirements for the issuance of identity credentials.  Broadly speaking, Part I sets out the identity proofing and vetting requirements with which such systems must comply; Part II sets out the security requirements for identity credential cards which are considered sufficiently well-protected to fulfil the requirements of HSPD-12.

Beyond FIPS 201, NIST also produced a Special Publication explicitly supporting the implementation of HSPD-12 and FIPS 201: SP 800-79, "Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations", to which Zygma's CEO, Richard Wilsher, was an acknowledged contributor.

FIPS 201 provides extensive direction as to the mechanisms which agencies should implement within their PIV systems.  These are principally in Part I, but some parts of Part II are also applicable.  However, the style and presentation of FIPS 201 do not make it easy to identify those requirements individually, nor to reference them explicitly in order to show compliance.


FIPS 201 compliance criteria
As an aid to Federal and State executive departments and agencies, and to other bodies seeking to comply with HSPD-12 and to interpret FIPS 201, GSA tasked Zygma with preparing a set of criteria which set out concisely the precise requirements for FIPS 201 compliance.

The resultant criteria, with their mapping back to FIPS 201, can be downloaded by clicking here.  This document is not the official Federal Identity Credentialing Committee (FICC) version of these criteria, but its technical content (and therefore the criteria themselves) is identical, and this document is considerably more user-friendly.


Support for HSPD-12 & FIPS 201 compliance
Zygma can support organizations implementing FIPS 201-compliant PIV systems, either through direct involvement in the development of the system or by providing audit or review services.  We can also help you build an ISMS which ensures and demonstrates that compliance.

Contact us to discuss your needs.  Federal and State agencies should also review Zygma's GSA Schedule 70 offerings, which can cover the development of PIV systems.



© 1993 - 2018 Zygma Incorporated.  Telephone: +1 714 797 99 42.  Email: Enquiries @
All Zygma services are provided in accordance with its Ethics Policy.
Note: if you are submitting an enquiry or expect to receive email from us, please ensure that your spam filtering will accept mail from the domain ''