IA-2(12): Acceptance Of Piv Credentials

Control Family:

Identification And Authentication

Parent Control:

IA-2: Identification And Authentication (Organizational Users)

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

Baselines:

Low
Moderate
High

Next Version:

NIST Special Publication 800-53 Revision 5:
IA-2(12): Acceptance of Piv Credentials

Control Statement

The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials.

Supplemental Guidance

This control enhancement applies to organizations implementing logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.