Draft FIPS 201-2 Top 10 changes

April 29, 2011

via SecureID News

IDmachines and other colleagues attended a workshop last week at the Department of Commerce National Institute of Standards and Technology in Gaithersburg, Md. on the draft FIPS 201-2.

The workshop enabled NIST, other government agencies and industry to discuss the initial changes and to propose other changes to the PIV standard. With FIPS 201-1 there are more than 5 years of experience and the issuance of millions of credentials to consider as the new draft goes forward. The comment period for FIPS 201-2 closes June 6.

FIPS 201 is one of a number of Federal government initiatives around identity and cybersecurity. The Federal Chief Information Officer Council has released the draft of the Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance, Part B, which goes into the use of PIV credentials for both logical and physical security. The FICAM effort also includes the Trust Framework Provider Adoption Process for lower assurance levels to both structure and a range of identity tokens.

Companions to FIPS 201 and the FICAM include the National Strategy for Trusted Identities in Cyberspace (NSTIC), which was recently released by the White House and is managed out of a program office at NIST. Besides NSTIC, the CIO Council, the General Services Administration and the Federal PKI Management Authority have promoted the expansion of PIV to organizations outside of Federal employees and contractors with PIV-Interoperability, or PIV-I.

Understanding the United States Government's activity around identity requires looking at these things, and other related activity, as a whole.

As part of the overview to the workshop, NIST presented its “top ten” list of the changes to FIPS 201. While not exactly ready for Letterman, it provides an excellent overview of what is changing in the document.
