PIV-I SmartCard FAQ


2.1  WHAT IS A PIV-I CARD?
2.2  WHAT IS THE DIFFERENCE BETWEEN A PIV-I CARD AND A PIV CARD?
2.3  WHAT OIDS ARE SPECIFIED FOR PIV-I?
2.4  CAN MY AGENCY ACCEPT PIV-I CARDS ISSUED BY OUR CONTRACTORS’ COMPANY IN LIEU OF ISSUING PIV CARDS TO THESE INDIVIDUALS?
2.5  CAN NON-PIV CARDS ISSUED BY THE FEDERAL GOVERNMENT BE CONSIDERED PIV-I?
2.6  CAN A PIV-I CARD BE ACCEPTED FOR BOTH PHYSICAL AND LOGICAL ACCESS?
2.7  CAN AN IDENTITY CARD ISSUED BY A PROGRAM THAT HAS MODIFIED THE PIV TECHNICAL SPECIFICATIONS BE CONSIDERED A PIV-I CARD?
2.8  WHAT IS THE PIV-I CARD LOGICAL DATA MODEL?
2.9  CAN THE PIV-I CARD LOGICAL DATA MODEL BE EXTENDED?
2.10  WHAT CERTIFICATES AND KEYS MAY BE PRESENT ON A PIV-I CARD?
2.11  WHAT ARE THE MANDATORY DATA MODEL ELEMENTS FOR A PIV-I CARD?
2.12  WHAT ARE THE OPTIONAL DATA MODEL ELEMENTS FOR A PIV-I CARD?
2.13  WHAT IS THE VALIDITY PERIOD FOR PIV-I CERTIFICATES?
2.14  WHAT ALGORITHMS MUST BE USED IN PIV-I CARD CERTIFICATES?
2.15  WHAT IS THE STATUS OF THE PIV-I CERTIFICATE POLICY AND PIV-I PROFILE?
2.16  WHAT MUST PIV-I CARD AUTHENTICATION CERTIFICATE POLICIES MAP TO?
2.17  WHAT KEY USAGE BITS MUST BE ASSERTED IN THE KEYUSAGE EXTENSIONS OF PIV-I CERTIFICATES?
2.18  DO PIV-I CARDS NEED TO BE FIPS-140-2 VALIDATED?
2.19  WHAT ASSURANCE REQUIREMENTS MUST PIV-I CARD ISSUERS MEET?
2.20  WHAT ARE THE VALID METHODS TO GENERATE/CONSTRUCT A UUID NUMBER?
2.21  HOW DOES PIV-I HANDLE GLOBAL UNIQUE IDENTIFICATION NUMBER (GUID) DURING ISSUANCE?
2.22  WHAT SOFTWARE AND HARDWARE CAN BE USED TO ISSUE PIV-I CARDS?
2.23  HOW ARE PIV-I CARDS AND COMPONENTS TESTED?
2.24  IS SYMMETRIC CARD AUTHENTICATION KEY (CAK) PROHIBITED?
2.25  WHAT BIOMETRICS MUST BE IN A PIV-I CARD?
2.26  WHAT IS THE RELATIONSHIP BETWEEN FASC-N AND GUID?
2.27  WHAT IS THE GUID?
2.28  WHAT IS THE RELATIONSHIP BETWEEN GUID AND UUID?
2.29  WHERE ELSE DOES THE GUID’S UUID VALUE APPEAR?
2.30  WHAT IS THE FORMAT OF THE UUID IN CERTIFICATES?
2.31  WHY HAS THE IPV6 GUID VALUE BEEN DEPRECATED IN FAVOR OF UUID?
2.32  WHERE DOES THE GUID APPEAR?
2.33  WHERE DOES THE FASC-N APPEAR ON THE PIV-I CARD?
2.34  WHERE ARE THE DETAILED SPECIFICATIONS FOR UUID FORMATTING?
2.35  WHERE ARE THE DETAILED SPECIFICATIONS FOR THE VALUE OF THE FASC-N?
2.36  WHAT ARE THE VALUES OF THE AGENCY CODE OF THE FASC-N?
2.37  WHERE ARE THE DETAILED SPECIFICATIONS FOR FASC-N FORMATTING?
2.38  HOW DOES A PACS INTERPRET A FEDERAL PIV CARD IF THE CARD CONTAINS A GUID THAT IS ALL ZEROS?
2.39  HOW DOES A FEDERAL PACS INTERPRET AN NFI PIV-I CARD THAT DOES NOT HAVE A FASC-N?
2.40  WHAT ARE THE IMPLICATIONS OF THE POSSIBLE VALUES OF A FASC-N AND WHAT ARE THE IMPLICATIONS TO MY PACS?
2.41  AS AN ISSUER, WHEN DO I USE THE FASC-N VERSUS GUID?
2.42  AS A RELYING PARTY, WHEN DO I USE THE FASC-N VERSUS GUID?
2.43  HOW DOES A PACS DETERMINE WHETHER A CARD IS PIV OR PIV-I?
2.44  HOW DO I GENERATE A GUID?
2.45  ARE THERE UNIQUE IDENTIFIER COLLISION ISSUES WITH NFI CARDS?
2.46  ARE OTHER FIELDS IN THE FASC-N, SUCH AS PERSON IDENTIFIER, DEFINED FOR NFI CARDS?
3.  REFERENCES
3.1  PERSONAL IDENTITY VERIFICATION INTEROPERABILITY FOR NON-FEDERAL ISSUERS
3.2  X.509 CERTIFICATE POLICY FOR THE FEDERAL BRIDGE CERTIFICATION AUTHORITY (FBCA)
3.3  X.509 CERTIFICATE POLICY FOR THE U.S. FEDERAL PKI COMMON POLICY FRAMEWORK
3.4  X.509 CERTIFICATE AND CRL EXTENSIONS PROFILE FOR PIV-I CARDS
3.5  X.509 CERTIFICATE AND CERTIFICATE REVOCATION LIST (CRL) EXTENSIONS PROFILE FOR THE SHARED SERVICE PROVIDERS (SSP) PROGRAM
3.6  FEDERAL PUBLIC KEY INFRASTRUCTURE (PKI) X.509 CERTIFICATE AND CRL EXTENSIONS PROFILE, OCTOBER 12, 2005
3.7  SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES, FIPS 140-2
3.8  PERSONAL IDENTITY VERIFICATION (PIV) OF FEDERAL EMPLOYEES AND CONTRACTORS, FIPS 201-1
3.9  INTERFACES FOR PERSONAL IDENTITY VERIFICATION (4 PARTS), NIST SP 800-73-3
3.10  BIOMETRIC DATA SPECIFICATION FOR PERSONAL IDENTITY VERIFICATION, NIST SP 800-76-1
3.11  CRYPTOGRAPHIC ALGORITHMS AND KEYS SIZES FOR PERSONAL IDENTITY VERIFICATION, NIST SP 800-78-2
3.12  PIV DATA MODEL TEST GUIDELINES, NIST SP 800-85B
3.13  PIV CARD APPLICATION AND MIDDLEWARE INTERFACE TEST GUIDELINES (SP 800-73 COMPLIANCE), NIST SP 800-85A, MARCH 2009
3.14  A RECOMMENDATION FOR THE USE OF PIV CREDENTIALS IN PHYSICAL ACCESS CONTROL SYSTEMS (PACS), NIST SP 800-116
3.15  FIPS 201 APPROVED PRODUCTS LIST
3.16  RFC 4122, UNIVERSALLY UNIQUE IDENTIFIER (UUID) URN NAMESPACE
3.17  ELECTRONIC AUTHENTICATION GUIDELINE, NIST SP 800-63
