Personal Identity Verification (PIV) is a common credentialing and standard background investigation process required by Homeland Security Presidential Directive 12 (HSPD-12). A PIV card is a United States Federal smart card that contains the necessary data for the cardholder to be granted to Federal facilities and information systems and assure appropriate levels of security for all applicable Federal applications.

The criteria for PIV cards was established by Federal Information Processing Standard (FIPS) 201, which was formally entitled Personal Identity Verification of Federal Employees and Contractors. FIPS 201 was developed to satisfy the requirements of HSPD 12, which requires a common identification standard for all Federal employees and contractors.

FIPS 201, which is intended to be a living document, specifies the interface and data elements of the PIV card, the technical acquisition and formatting requirements for biometric data on the smart card and acceptable cryptographic algorithms and key sizes.

There are different types of PIV badges which reflect various agencies. The following are some of the different types:

  • FIPS: Federal Information Processing Standard
  • TWIC: Transportation Worker Identification Credential
  • FRAC: First Responder Authentication Credential
  • CAC: Common Access Card (Department of Defense)
  • PIV-I: Personal Identity Verification Interoperable (non-Federal employees and government contractors)
  • CIV:  Commercial Identity Verification

PIV Information Sheet

Personal Identity Verification PIV Card Front

Personal Identity Verification PIV Card Back

Card data model Must follow SP 800-73 Must follow SP 800-73 “Follows” SP 800-73 (recommended)
Current primary credential number FASC-N (requires Federal agency code) UUID (no Federal agency code required) UUID (recommended) (no Federal agency code required)
Object identifiers Federal Bridge Federal Bridge Organization Internet Assigned Number Authority (IANA) (if exists)
Types of Federation and Levels of Assurance
Trustworthiness Trusted identity, credential and suitability Trusted basic identity and credential but not suitability Trusted credential only within the issuing organization.
Trust among organizations Federal Bridge Clustered through Federal Bridge Clustered alone
Organization NIST Federal CIO Council Smart Card Alliance Access Control Council
Defining documents FIPS 201, SP 800-73 and other related NIST publications Personal Identity Verification Interoperability for Non-Federal Issuers FICAM PIV-I FAQ The Commercial Identity Verification (CIV) Credential–Leveraging FIPS 201 and the PIV Specifications
Motivation HSPD-12 Interoperable credential for organizations doing business with the government and for first responders Commercial credential that could take advantage of the PIV infrastructure
Organizations that may issue and/or use the credential Federal agencies Federal agencies
Federal contractors
Commercial organizations doing business with the Federal government
State and local governments
Critical infrastructure providers
First responder organizations
Commercial organizations who are part of an industry initiative and require an interoperable, trusted credential
Commercial organizations seeking a credential for use for their employees, subcontractors, non-employee visitors and customers
Federal agencies who accept credentials with medium hardware assurance

Comparison chart courtesy of Smart Card Alliance:

Related Products

Related Articles

« Back to Glossary Index