by Allan Watkins
The National Institute of Standards and Technology (NIST) estimates there are nearly 5 million Personal Identity Verification (PIV) cards in existence today. This credential serves as a form of multifactor authentication for federal employees and contractors to gain access to federal IT resources and facilities. Given the potential harm unauthorized access could render, the PIV card issuance process is critical to the safety and security of our nation.
Federal Information Processing Standard (FIPS) 201-3 specifies the processes and technical specifications for the PIV credential. According to the Homeland Security Presidential Directive 12 (HSPD 12), FIPS 201-3 2.1 defines “secure and reliable forms of identification” as “identification that (a) is issued based on sound criteria for verifying an individual employee’s identity; (b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; (c) can be rapidly authenticated electronically; and (d) is issued only by providers whose reliability has been established by an official accreditation process.”
To issue an employee or contractor a PIV credential, the government sponsoring official must first authorize its issuance. Then, the individual in question must be properly vetted. Vetting requirements include favorable findings on a Federal Bureau of Investigation National Criminal History Check and on a Tier 1 (or higher) investigation (formerly called a National Agency Check with Written Inquiries). After sponsorship and vetting have been completed and authorized, the individual must present two identity source documents. One source document must be a picture ID issued by the federal or a state government.
In today’s environment, the requirements for validating a person’s identity … are more stringent than in days past. Such precautions, along with other security protocols, are imperative to keep our world safe from malicious attacks.
In today’s environment, the requirements for validating a person’s identity, whether it be for the Transportation Security Administration or Department of Motor Vehicles, are more stringent than in days past. Both organizations require valid sources of identification, similar, if not the same, as the federal government’s I-9 form. Such precautions, along with other security protocols, are imperative to keep our world safe from malicious attacks.
National Institute of Standards and Technology | “Personal Identity Verification (PIV) of Federal Employees and Contractors” | https://csrc.nist.gov/publications/detail/fips/201/3/final
U.S. Department of Homeland Security | “Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors” | https://www.dhs.gov/homeland-security-presidential-directive-12