Documentation

Office of Management and Budget (OMB)

National Institute of Standards and Technology (NIST)

2004 Mitre PKI Study 

Special Publications

• 800-21 Guideline for Implementing Cryptography In the Federal Government
•  800-39 Managing Risk from Information Systems DRAFT (October 2007)
•  800-45 Guidelines on Electronic Mail Security
•  800-49 Federal S/MIME V3 Client Profile
•  800-52 Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations
•  800-53A (June 2008) Recommended Security Controls for Federal Information Systems
  •  800-53
  •  800-53 Rev 1 (December)
    •  Annex 1 Baseline (low)
    •  Annex 2 Baseline (Moderate)
    •  Annex 3 Baseline (High)
•  800-57
  •  Recommendation for Key Management – Part 1: General
  •  Recommendation for Key Management – Part 2: Best Practices for Key Management Organization
•  800-63 Electronic Authentication Guideline (V 1.0.2 April 2006)
  •  800-63 Electronic Authentication Guideline (V 1.0.1 September 2005)
  •  800-63-1 DRAFT
•  800-73-2 DRAFT
  •  Part 1 End-Point PIV Card Application Namespace, PIV Data Model and Representation
  •  Part 2 End-Point PIV Card Application Interface
  •  Part 3 End-Point PIV Client Application Programming Interface

  •  Part 4 The PIV Transitional Interfaces and Data Model Specification

•  800-73-1 Interfaces for Personal Identity Verification (March 2006)
  •  Errata (May 2006)
  •  800-73 Interfaces for Personal Identity Verification
  •  Errata Sheet
  •  800-73-1 DRAFT February 8, 2006
•   800-76-1 Biometric Data Specification for Personal Identity Verification (January 2007)
  • 800-76 Biometric Data Specification for Personal Identity Verification (February 1, 2006)
  •  800-76 DRAFT
•  800-78-1 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  •  800-78 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
•  800-79-1 Guidelines for the Accreditation of Personal Identity Verification Card Issuers
  • 800-79 Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations
•  800-85 PIV Middleware and PIV Card Application Conformance Test Guidelines (SP800-73 compliance)
•  800-85A-1 PIV Card Application and Middleware Interface Test Guidelines (SP800-73 compliance)
  • 800-85A
•  800-85B PIV Data Model Test Guidelines (July 2006)
  •  800-85B DRAFT PIV Data Model Test Guidelines (May 2006)
•  800-87 Codes for the Identification of Federal and Federally Assisted Organizations
•  800-96 PIV Card / Reader Interoperability Guidelines (September 2006)
  • 800-96 DRAFT PIV Card / Reader Interoperability Guidelines (May 2006)
•  800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
•  800-104 DRAFT A Scheme for PIV Visual Card Topography
•  800-116 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)

Federal Information Processing Standards

•  201-1 Change 1 Personal Identity Verification (PIV) of Federal Employees and Contractors
  •  201-1 (March 2006) Personal Identity Verification (PIV) of Federal Employees and Contractors
  • 201 Personal Identity Verification (PIV) of Federal Employees and Contractors
    •  Errata
•  200 Minimum Security Requirements for Federal Information and Information Systems
•  65 Guideline for Automated Data Processing Risk Analysis (This is a historical document no longer supported by NIST)

Interagency Reports

•  6529-A Common Biometric Exchange Formats Framework (CBEFF)
•  6887 Government Smart Card Interoperability Specification
•  7026 Smart Cards and Mobile Device Authentication: An Overview and Implementation
•  7046 A Framework for Multi-mode Authentication: Overview and Implementation
•  7056 Card Technology Developments and GAP Analysis Interagency Report
•  7284 Personal Identity Verification Card Management Report

ITL Bulletins

•  February 2000 - Guideline for Implementing Cryptography In The Federal Government
•  March 2001 - An Introduction to IPsec (Internet Protocol Security)
•  May 2001 - Biometrics - Technologies for Highly Secure Personal Authentication
•  July 2002 - Overview: The Government Smart Card Interoperability Specification
•  September 2002 - Cryptographic Standards and Guidelines: A Status Report
•  November 2002 - Security for Telecommuting and Broadband Communications
•  December 2002 - Security of Public Web Servers
•  January 2003 - Security of Electronic Mail
•  February 2003 - Secure Interconnections for Information Technology Systems
•  March 2003 - Security for Wireless Networks and Devices
•  December 2003 - Security Considerations in the Information System Development Life Cycle
•  March 2005 - Personal Identity Verification (PIV) of Federal Employees and Contractors: Federal Information Processing Standard (FIPS) 201 Approved by the Secretary of Commerce
•  April 2005 - Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
•  May 2005 - Recommended Security Controls for Federal Information Systems: Guidance for Selecting Cost-Effective Controls Using a Risk-Based Process
•  July 2005 - Protecting Sensitive Information that is transmitted Across Networks: NIST Guidance for Selecting and Using Transport Layer Security Implementations
•  August 2005 - Implementation of FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors
•  January 2006 Testing and Validation of Personal Identity Verification (PIV) Components and Subsystems for Conformance to Federal Information Processing Standard 201
•  March 2006 Minimal FIPS 200 Security Controls
•  May 2006 Cryptographic Standards Update

General Services Administration (GSA)

•  E-Authentication Handbook for Federal Government Agencies Version 3.0.0
•  Government Smart Card Handbook
•  Technical Approach for the Authentication Service Component (E-Authentication version 1.0.0)
•  Acquisitions Related to Compliance with HSPD-12 and FIPS 201 Requirements
•  Federal Identity Management Handbook Version 0.1
•  E-Authentication Interoperability Lab Concept of Operations Version 2.0.0
•  Memorandum sent to Chief Information Officers regarding OMB M-05-05

US Gold

•  The Updated USGold Schema
•  Contents
•  National, Federal, and Federally Assisted Organizations
•  Acronyms
•  Functional Requirements Definition/Detailed Design Compliance Matrix
•  U.S. Government Schema
•  References
•  ASN.1
•  Detailed Design
•  Directory Service Architecture
•  Naming and DIT Structure
•  Security Architecture
•  U. S. Government Schema

ACP 133

•  Main Body Common Directory Services and Procedures
•  Annex A
•  Annex C Directory Profiles
•  Edition B
•  Annex A to Edition B
•  Annex C to Edition B

Office of Personnel Management (OPM)

•  Federal Register Comment Request for Proposed Clearance of Revised Information Collections
•  Applicant Brochure
•  Dialup Connection Settings
•  IS-15 Requesting OPM Personnel Investigations
•  Information on Planning for a Pandemic Influenza Outbreak (June 9, 2006)
•  Human capital Planning for Pandemic Influenza (June 9, 2006)

GAO

•  Report 06-178 Agencies Face Challenges in Implementing New Federal Employee Identification standard, February, 2006.
•  GAO-08-536 Alternatives Exist for Enhancing Protection of Personally Identifiable Information, May, 2008.
•  GAO-08-836R Information Security Controls at FRBs, June 16, 2008.

Other Documentation

•  PACS version 2.3 
  •  DRAFT Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems Version 2.3E
•  The Federal PKI Policy Authority (FPKIPA) are part of the approval process necessary for PIV credential issuance. Click on the FPKIPA Documentation link for additional information.
•   Interagency Advisory Board Page