NIST releases PIV interface specs

NIST releases PIV interface specs
NIST releases PIV interface specs

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By William Jackson

The National Institute of Standards and Technology has released a second 
draft of its specifications for =E2=80=9CInterfaces for Personal Identity 
Verification=E2=80=9D to be used with the standard PIV card that will be issued 
to all government employees and contractors working on-site.

Comments on the document, Special Publication 800-73 Rev. 2, are being 
accepted until April 4.

NIST has also released final versions of two other documents in its 
library of special publications on computer security: SP 800-61 Rev. 1, 
titled =E2=80=9CComputer Security Incident Handling Guide=E2=80=9D and SP 800-28 Version 
2, titled =E2=80=9CGuidelines on Active Content and Mobile Code.=E2=80=9D

NIST=E2=80=99s Computer Security Research Division has incorporated into the 
current release of the PIV interface specs a number of suggestions made 
on the first draft. These changes include:

    * Relaxing the Global PIN security status limitations.
    * Incorporating an optional Global and PIV PIN discovery object.
    * Adding a discovery object for the PIV card application.
    * Eliminating the previously proposed optional U-CHUID data object.

The draft is in four parts, the End-Point PIV Card Application 
Namespace, Data Model and Representation; End-Point PIV Card Application 
Interface; End-Point PIV Client Application Programming Interface, and 
the PIV Transitional Data Model and Interfaces.

Comments should be submitted using the comment template provided on the 
Web site. Comments can also be e-mailed to PIV_comments (at), 
with =E2=80=9CComments on the 2nd Public Draft SP800-73-2=E2=80=9D in the subject line, 
by the close of business April 4.

The new release of the Computer Security Incident Handling Guide, first 
issued in 2004, provides guidance in responding to computer security 
incidents. It includes guidelines on establishing an incident response 
program but focuses on detecting, analyzing, prioritizing and handling 

Guidelines on Active Content and Mobile Code gives an overview of active 
content and mobile code technologies in use today, with insights for 
making informed decisions on their application and treatment. Active 
content refers to embedded software components in documents, such as 
JavaScript, VBScript, Java applets and ActiveX controls. The document 
contains information about the threats presented by mobile code and 
safeguards for end user systems. The original version was released in 

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods