IA-2(12): Acceptance of Piv Credentials

CSF v1.1 References:


  • Low
  • Moderate
  • High

Previous Version:

Control Statement

Accept and electronically verify Personal Identity Verification-compliant credentials.

Supplemental Guidance

Acceptance of Personal Identity Verification (PIV)-compliant credentials applies to organizations implementing logical access control and physical access control systems. PIV-compliant credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. The adequacy and reliability of PIV card issuers are authorized using SP 800-79-2. Acceptance of PIV-compliant credentials includes derived PIV credentials, the use of which is addressed in SP 800-166. The DOD Common Access Card (CAC) is an example of a PIV credential.