FIPS 201-3: Personal Identity Verification (PIV) of Federal Employees and Contractors
The National Institute of Standards and Technology (NIST) is pleased to announce the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors. See the Federal Register Notice announcing FIPS 201-3 approval at https://www.federalregister.gov/d/2022-01246.
The rendered version is available from NIST pages https://pages.nist.gov/FIPS201/.
Summary of Changes
FIPS 201-3 addresses the comments received during the public comment period in November 2020. High level changes include:
- Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services
- Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials
- Focus on the use of federation to facilitate interoperability and interagency trust
- Addition of supervised remote identity proofing processes
- Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS)
- Support for the secure messaging authentication mechanism (SM-AUTH)
A detailed list of changes is available in FIPS 201-3, Appendix E, Revision History. Public comments and dispositions can be found in the Issues tab of this repository.
If you wish to generate the document directly from its source, see the build instructions.