Friday, January 20, 2012

The Differences Among PIV, PIV-I and CIV Credentials


IDmachines put together the following for the Smart Card Alliance's newly renamed Access Control Council in support of one of its first deliverables.

Homeland Security Presidential Directive 12 (HSPD-12) mandates a standard for a secure and reliable form of identification to be used by all Federal employees and contractors.  Signed by President George W. Bush in August 2004, HSPD-12 initiated the development of a set of technical standards and issuance policies (FIPS 201) that create the Federal infrastructure required to deploy and support an identity credential that can be used and trusted across all Federal agencies.

The policy, processes and technology in FIPS 201 support multiple other special publications (SPs) specifically written for FIPS 201 and build on other National Institute of Standards and Technology (NIST) standards and SPs that support best practice across information technology and security domains. Importantly, these standards also build on international and national standards from bodies such as the Internet Engineering Task Force (IETF), the International Telecommunications Union (ITU), the Institute of Electrical and Electronics Engineers (IEEE), the Security Industry Association (SIA), the International Standards Organization (ISO), the Organization for the Advancement of Structured Information Standards (OASIS) and others.



| Category | Item | PIV | PIV-I | CIV |
|---|---|---|---|---|
| Policy | Breeder documents | Follows FIPS 201 | Follows FIPS 201 | Follows the organization’s policies |
| Policy | Background checks | National Agency Check with Investigation | None required, directly impacts level of suitability for access | None required, directly impacts level of suitability for access |
| Process | Application, Adjudication, Enrollment, Issuance, Activation | Follows FIPS 201, including separation of roles, strong biometric binding | Follows FIPS 201, including separation of roles, strong biometric binding | Follows the organization’s policies |
| Technology | Card data model | Must follow SP 800-73 | Must follow SP 800-73 | “Follows” SP 800-73 |
| Technology | Current Primary Credential number | FASC-N | UUID | UUID (expected) |
| Technology | Object Identifiers | Federal Bridge | Federal Bridge | Organization Internet Assigned Numbers Authority (IANA) (if exists) |
| Level of Assurance | Trust | High | Trusted identity and credential but not suitability of individual for access | None |

The policy, process and technology applied to each of these credentials result in a level of assurance and interoperability and, ultimately, determine the extent to which you can trust and use the credential externally. As shown in the chart, the policy and process around PIV and PIV-I ultimately provide the interoperability and trust of the credential. Identity and credential infrastructure requires an additional investment in order to adhere to and maintain these policies and processes. In return, users and organizations can access ubiquitous identity and credential services with the benefit of high assurance in their federated transactions.

2 comments:

  1. Thanks for sharing this informative post!

    Credentialing services

  2. The post is actually the freshest on this laudable subject. I harmonize with your conclusions and will thirstily look forward to see your approaching updates. Digital Signature Certificate
