[Federal Register: November 23, 2004 (Volume 69, Number 225)]
[Notices]               
[Page 68128-68129]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr23no04-31]                         

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 041103306-4306-01]
RIN 0693-AB54

 
Announcing Draft of Federal Information Processing Standard 
(FIPS) 201, Personal Identification Verification for Federal Employees 
and Contractors

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This notice announces Draft Federal Information Processing 
Standard (FIPS) 201, Personal Identification Verification for Federal 
Employees and Contractors, for public review and comment. The draft of 
FIPS 201 is being proposed in response to tasking to the Secretary of 
Commerce by the President to promulgate, in accordance with applicable 
law, a Federal standard for secure and reliable forms of identification 
for Federal employees. The standard specifies the minimum necessary 
technical and operational requirements for such Federal identification 
credentials. Prior to the submission of this proposed standard to the 
Secretary of Commerce for review and approval, it is essential that 
consideration be given to the needs and views of the public, users, the 
information technology industry, and Federal, State and local 
government organizations. The purpose of this notice is to solicit such 
views.

DATES: Comments must be received on or before December 23, 2004.

ADDRESSES: Written comments may be sent to: Chief, Computer Security 
Division, Information Technology Laboratory, Attention: Comments on 
Draft FIPS 201, 100 Bureau Drive--Stop 8930, National Institute of 
Standards and Technology, Gaithersburg, MD 20899-8930. Electronic 
comments may also be sent to: DRAFTFIPS201@nist.gov. The draft of the 
standard is available via http://csrc.nist.gov/piv-project/index.html. 

Comments received in response to this notice will be published 
electronically at http://csrc.nist.gov.


[[Page 68129]]


FOR FURTHER INFORMATION CONTACT: William Barker, Computer Security 
Division, National Institute of Standards and Technology, Gaithersburg, 
MD 20899-8930, telephone (301) 975-8443, e-mail: 
william.barker@nist.gov.

SUPPLEMENTARY INFORMATION: On August 27, 2004, the President signed 
Homeland Security Presidential Directive (HSPD) Number 12 that directed 
the Secretary of Commerce to promulgate a Federal Standard by February 
27, 2005, that assures secure and reliable forms of identification of 
Federal and Federal contractor employees. In response, the NIST 
Computer Security Division has initiated development of this standard. 
The principal requirements of HSPD Number 12 are to create a secure and 
reliable automated system that may be used Government-wide to: (1) 
Establish the authentic true identity of an individual; (2) issue an 
identity credential token to each authenticated individual containing 
an ``electronic representation'' of the identity and the person to whom 
it is issued which can later be verified using appropriate technical 
means when access to a secure Federal facility or information system is 
requested; (3) provide graduated criteria that provide appropriate 
levels of assurance and security to the application; (4) be strongly 
resistant to identity fraud, counterfeiting, and exploitation by 
individuals, terrorist organizations, or conspiracy groups; (5) 
initiate development and use of interoperable automated systems meeting 
these requirements.
    To meet these requirements, the draft FIPS proposes (1) a 
credential issuance process that relies upon identity documentation 
supplemented by record checking; (2) specifications for storage of 
biometric information on the identity credential; (3) use of existing 
graduated criteria for employee position sensitivity and physical/
logical access levels; (4) security controls to counter fraud and 
exploitation; and (5) information to facilitate agency establishment of 
real-time credential validity checking and integration of the new 
credential into physical and logical access systems.
    Under the requirements of HSPD Number 12, the standard must be 
promulgated by February 27, 2005. NIST anticipates that the initial 
standard will be augmented over the course of two to three years as 
additional supporting technical guidelines, recommendations, reference 
implementations, and conformance tests are developed.

    Authority: NIST's activities to develop computer security 
standards to protect Federal non-national security systems is 
undertaken pursuant to specific responsibilities assigned to NIST in 
the Federal Information Security Management Act of 2002. In 
addition, development of FIPS 201 is being undertaken in response to 
Homeland Security Presidential Directive Number 12.

    Dated: November 18, 2004.
Richard F. Kayser,
Acting Deputy Director.
[FR Doc. 04-25953 Filed 11-22-04; 8:45 am]