PIV-I White Paper - FINAL - 022111 - Smart Card Alliance

More documents

Recommendations

Info

9 Appendix A: Standards EffortsOrganizationNorth American SecurityProducts Association(NASPO)National Institute ofStandards andTechnology (NIST)American Association ofMotor VehicleAdministrators (AAMVA)American Bar AssociationFederated IdentityManagement Legal TaskForceInternational Organizationfor Standardization (ISO)DescriptionNASPO is a non-profit organization that certifies that government andbusiness organizations providing identity documents, financial instruments,and other value documents are operating under a uniform set of acceptedstandards and practices.NASPO certification is an audit process that verifies compliance with the newANSI/NASPO Security Assurance Standard. The process begins with anassessment of vulnerability followed by the identification of any risks.For example, the process for an organization producing and issuing IDdocuments includes process certification of the entire supply chain (such aspaper mill procedures to ensure a secure paper stock), printer and printingprocesses, and issuing procedures. All certification steps are designed toenhance trust in the final ID document.http://www.naspo.info/The NIST Information Technology Laboratory (ITL) accelerates thedevelopment and deployment of information and communication systemsthat are reliable, usable, interoperable, and secure; advances measurementscience through innovations in mathematics, statistics, and computerscience; and conducts research to develop the measurements and standardsinfrastructure for emerging information technologies and applications throughstandards development.Federal Information Processing Standards (FIPS) 201 is the standard thatsupports both PIV credential standards for Federal agencies and PIV-Icredential standards for states, local and private sector businesses.FIPS 201 standard: http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdfPIV-I guidance:http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers_May2009.pdfAAMVA published the 2009 DL/ID Card Design Standard (CDS).The CDS provides for the design of driver licenses (DL) and identification(ID) cards. The intent is to improve the security of the DL/ID cards and thelevel of interoperability among cards issued by all North Americanjurisdictions. The standard includes machine-readable technologies as wellas a test tool issuing entities can use to verify compliance with the CDSstandard.The AAMVA Courtesy Verification Program (CVP) provides an effective wayfor AAMVA members to determine whether DL/ID cards using machinereadabletechnologies conform to the applicable AAMVA standards andspecificationsThis task force focuses on identifying and analyzing the legal issues thatarise in connection with the development, implementation, and use offederated identity management systems; evaluating appropriate legal modelsto address issues proactively; and developing model terms and contracts thatcan be used by parties and more.The task force work is found at:www.abanet.org/dch/committee.cfm?com=CL320041The ISO JTC1 creates common criteria for international use and recognitionof driver’s licenses without impeding individual national and regionalSmart Card Alliance © 201124
OrganizationJoint Technical Committeefor InformationTechnology (JTC1),Subcommittee forIdentification Cards andRelated Devices (SC17)International Committeefor InformationTechnology Standards(INCITS/M1) BiometricsTechnical CommitteeXML Extensible MarkupLanguageNational InformationExchange Model (NIEM)National Association ofState Chief InformationOfficers (NASCIO)Descriptionauthorities in satisfying their own specific requirements. This standardaddresses the following items: Physical characteristics Magnetic stripe Optical memory Integrated circuit cards with contacts Integrated circuit cards without contacts Bar codes, one and two dimensional Optical character recognition Digital (digitized) images and signalhttp://www.iso.org/iso/standards_development/technical_committees/other_bodies/iso_technical_committee.htm?commid=45020The INCITS M1 biometrics program includes biometric standards for datainterchange formats, common file formats, application interfaces, profiles,and performance testing and reporting. The goal of M1's work is toaccelerate the deployment of significantly better, standards-based securitysolutions for homeland defense and the prevention of identity theft as well asother government and commercial applications based on biometric personalauthentication.http://www.incits.org/Published by the World Wide Web Consortium (W3C), XML comprises a setof rules for encoding documents electronically. XML's design goalsemphasize simplicity, generality, and usability over the Internet. XML'sdesign focuses on documents and is widely used for representation ofarbitrary data structures (for example, in Web services).NIEM is a Federal, state, local, and tribal interagency initiative that provides afoundation for seamless information exchange. NIEM is a framework createdto: Develop standards, a common lexicon, and an online repository ofinformation exchange package documents to support informationsharing Provide technical tools to support development, discovery,dissemination, and re-use of exchange documents Provide training, technical assistance, and implementation supportservices for enterprise-wide information exchangehttp://www.niem.gov/NASCIO represents state chief information officers and informationtechnology executives and managers from the states, territories, and theDistrict of Columbia, with the mission to foster government excellencethrough quality business practices, information management, and technologypolicy.NASCIO has formed the State Digital Identity Work Group to provide aconsensus-based forum that enables state chief information officers (CIOs),chief information security officers (CISOs), enterprise architects, and line-ofbusinessstakeholders to collaborate on developing recommendations onfederated identity management initiatives. This working group intends toprovide a framework for the key guidelines for program management andcollaboration. The charter seeks to develop solutions for a sustainable andsupportable model for use in identity, credentialing, and access efforts.http://www.nascio.org/committees/digitalID/Smart Card Alliance © 201125
Page 1 and 2: Personal Identity Verification Inte
Page 3 and 4: TABLE OF CONTENTS 1 INTRODUCTION .
Page 5 and 6: and for piloting operations in othe
Page 7 and 8: 2.1.4 U.S. Drug Enforcement Adminis
Page 9 and 10: certificate, the relying party can
Page 11 and 12: The PIV card is an identity card th
Page 13 and 14: documents to electronically signed
Page 15 and 16: 4 State ProgramsAs states are faced
Page 17 and 18: Existing Programor PolicyForm facto
Page 19 and 20: Form Factor Users Applications Feat
Page 21 and 22: 7 References"Citizen and Commerce C
Page 23: The Smart Card Alliance Physical Ac

PIV-I White Paper - FINAL - 022111 - Smart Card Alliance

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?