Logical Access

There are seven requirements to be satisfied:

1. The PIV Card must include at least one certificate (Requirement 52)
2. The PIV Card implement Authentication Keys operations through the contact interface (Requirement 53)
3. PIV Card operations (excluding the hash) must be done on the chip (Requirement 54)
4. The PIV Card cryptographic module must be FIPS 140-2 level 2 or higher (Requirement 55)
5. The PIV Card cryptographic module must meet the FIPS 140-2 level 3 requirements for physical security(Requirement 56)
6. The PIV Card shall not export the private authentication key (Requirement 57)
7. The X.509 Authentication Certificate expiration date cannot exceed that of the PIV Card (Requirement 58)