Date Published: September 27, 2023
Comments Due: December 8, 2023 (public comment period is CLOSED)
Email Questions to: [email protected]
Planning Note (11/14/2023): The public comment period was extended to December 8, 2023.
Author(s)
Hildegard Ferraiolo (NIST), Andrew Regenscheid (NIST)
Announcement
In January 2022, NIST revised Federal Information Processing Standard (FIPS) 201, which establishes standards for the use of Personal Identity Verification (PIV) Credentials – including the credentials on PIV Cards. NIST Special Publication (SP) 800-73-5: Parts 1–3 and SP 800-78-5 have subsequently been revised to align with FIPS 201 and are now available for public comment.
SP 800-78-5 ipd (Initial Public Draft)
SP 800-78-5 ipd, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, defines the requirements for cryptographic capability of the PIV Card and supporting systems in coordination with FIPS 201-3. It been modified to add additional algorithm and key size requirements and to update the requirements for Cryptographic Algorithm Validation Program (CAVP) validation testing including:
- Deprecation of 3TDEA algorithms with identifier ‘00’ and ‘03’
- Removal of the retired RNG from CAVP PIV component testing where applicable
- Accommodation of the Secure Messaging Authentication key
- Update to Section 3.1 and Table 1 to reflect additional higher strength keys with at least 128-bit security for use in authentication beginning in 2031
NIST specifically seeks input from federal agencies on the suitability of the digital signature algorithms and key sizes specified in SP 800-78-5.The draft revisions accommodate RSA signatures with 2048-bit and 3072-bit keys, and ECDSA signatures with the P-256 and P-384 curves, for authentication services.NIST requests feedback on the potential need to support RSA with 4096-bit keys, or for the need to add support for the EdDSA signature algorithm that is now specified in FIPS 186-5.
We encourage you to use this comment template to record and organize your comments on SP 800-78-5 ipd.
Also see the SP 800-73-5 ipd parts: Part 1, Part 2, Part 3.
Submit Comments
The comment period for these drafts is open through December 8, 2023 November 15, 2023. See the publication details (linked above) to download the drafts and comment templates. Comments and inquiries should be sent to [email protected].
Workshop
NIST hosted aPersonal Identity Verification Webinaron November 8, 2023, to discuss both SP 800-73-5 ipd and SP 800-78-5 ipd.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see Information Technology Laboratory (ITL)Patent Policy – Inclusion of Patents in ITL Publications.
Abstract
Federal Information Processing Standard 201-3 (FIPS 201-3) defines the requirements for Personal Identity Verification (PIV) life cycle activities, including identity proofing, registration, PIV Card issuance, and PIV Card usage. FIPS 201-3 also defines the structure of an identity credential that includes cryptographic keys. This document contains the technical specifications needed for the mandatory and optional cryptographic keys specified in FIPS 201-3, as well as the supporting infrastructure specified in FIPS 201-3 and the related NIST Special Publication (SP) 800-73, Interfaces for Personal Identity Verification, and NIST SP 800-76, Biometric Specifications for Personal Identity Verification, which rely on cryptographic functions.
Federal Information Processing Standard 201-3 (FIPS 201-3) defines the requirements for Personal Identity Verification (PIV) life cycle activities, including identity proofing, registration, PIV Card issuance, and PIV Card usage. FIPS 201-3 also defines the structure of an identity credential that... See full abstract
Keywords
cryptographic algorithm; FIPS 201; identity credential; Personal Identity Verification (PIV); smart cards
Control Families
None selected