Industry Recommendations for Implementing PIV Credentials with Physical Access Control Systems: A Quick Guide to Implementing Essential NIST SP 800-116 R1 Requirements
Publication Date: May 2019
In June 2018, the National Institute of Standards and Technology (NIST) released a revision of NIST SP 800-116: “A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS).” The revised document is called NIST SP 800-116 Revision 1: “Guidelines for the Use of PIV Credentials in Facility Access.’’ NIST SP 800-116 R1 covers the risk-based strategy to select appropriate PIV authentication mechanisms as expressed within Federal Information Processing Standard (FIPS) 201 and other related documents.
The Secure Technology Alliance Access Control Council developed this guide to focus on the content of SP 800-116 R1 that provides the essential information required to successfully implement PIV with PACS, without including discussion of how the card is made or how it works “under the hood.” Alternative visual diagrams are provided to enhance understanding of the applications and approaches to meet the requirements.
This guide enables the reader to more quickly grasp the required concepts and apply the correct authentication mechanisms to their facility and access control use cases. An analogy is: NIST SP 800-116 R1 is a “dictionary;” this guide uses this dictionary to craft a story suitable for the unique needs of a PIV-enabled PACS solution implementor.
The guide discusses:
- Characteristics of PIV implementation in PACS
- Threat environment
- PIV authentication mechanisms used in PACS applications
- PACS use cases
- Deployment considerations
About this Guide
The Secure Technology Alliance Access Control Council developed this guide to focus on the content of SP 800-116 R1 that provide the essential information required to successfully implement PIV with PACS. Secure Technology Alliance participants in the development of the guide included: ID Technology Partners; Integrated Security Technologies; Lenel; SigNet Technologies; U.S. Department of Homeland Security; XTec, Inc.