[Federal Register Volume 70, Number 173 (Thursday, September 8, 2005)]
[Notices]
[Pages 53346-53347]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-17744]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No.: 050825229-5229-01]


Announcing Review of Proposed Changes to Federal Information 
Processing Standard (FIPS) Publication 201, Standard for Personal 
Identity Verification of Federal Employees and Contractors

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice. Request for comments.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
announces proposed changes to Federal Information Processing Standard 
(FIPS) Publication 201, Standard for Personal Identity Verification of 
Federal Employees and Contractors. The changes to Section 2.2, PIV 
Identify Proofing and Registration Requirements, and to Section 5.3.1, 
PIV Card Issuance, will clarify the identity proofing and registration 
process that departments and agencies should follow when issuing 
identity credentials. These changes are required to make FIPS 201 
consistent with the Memorandum for All Departments and Agencies (M-05-
24), issued by the Office of Management and Budget on August 5, 2005, 
Implementation of Homeland Security Presidential Directive (HSPD) 12--
Policy for a Common Identification Standard for Federal Employees and 
Contractors. Before recommending these proposed changes to FIPS 201 to 
the Secretary of Commerce for review and approval, NIST invites 
comments from the public, users, the information technology industry, 
and Federal, State and local government organizations concerning the 
proposed changes.

DATES: Comments on these proposed changes must be received by October 
11, 2005.

ADDRESSES: Written comments concerning the proposed changes to FIPS 201 
should be sent to: Information Technology Laboratory, ATTN: Proposed 
Changes to FIPS 201, Mail Stop 8930, National Institute of Standards 
and Technology, 100 Bureau Drive, Gaithersburg, MD 20899.
    Electronic comments should be sent to: [email protected].
    The proposed changes to FIPS Publication 201 are available 
electronically from the NIST Web site at: http://csrc.nist.gov/publications/.
    Comments received in response to this notice will be published 
electronically at http://csrc.nist.gov/publications/fips/index.html.

FOR FURTHER INFORMATION CONTACT: W. Curtis Barker, (301) 975-8443, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, MD 20899-8930, email: [email protected].
    Information about FIPS 201 and the PIV program is available on the 
NIST Web pages: http://csrc.nist.gov/.

SUPPLEMENTARY INFORMATION: Homeland Security Presidential Directive 
(HSPD) 12, Policy for a Common Identification Standard for Federal 
Employees and Contractors, dated August 27, 2004, directed the 
Secretary of Commerce to promulgate, by February 27, 2005, a 
Government-wide standard for secure and reliable forms of 
identification to be issued by the Federal Government to its employees 
and contractors (including contractor employees). FIPS 201 was 
developed to satisfy the technical, administrative, and timeliness 
requirements of HSPD 12. The standard was developed in a ``manner 
consistent with the Constitution and applicable laws, including the 
Privacy Act (5 U.S.C. 552a) and other statutes protecting the rights of 
Americans'' as required in HSPD 12.
    To assist departments and agencies in implementing the provisions 
of FIPS 201, Joshua Bolten, the Director of the Office of Management 
and Budget (OMB), issued a Memorandum for All Departments and Agencies 
on August 5, 2005 entitled ``Implementation of Homeland Security 
Presidential Directive (HSPD) 12--Policy for a Common Identification 
Standard for Federal Employees and Contractors.'' The Memorandum 
provides implementation guidance and clarifies the requirements for 
identity proofing, registration and accreditation processes. Two 
provisions of FIPS 201 as promulgated by the Secretary of Commerce 
earlier this year are not consistent with the guidance contained in the 
Bolten Memorandum and those provisions of FIPS 201 are hereby proposed 
for revision. Sections 2.2, ``PIV Identify Proofing and Registration

[[Page 53347]]

Requirements,'' and 5.3.1 of FIPS 201, ``PIV Card Issuance,'' are being 
revised to assure that they are consistent with the OMB guidance 
concerning National Agency Checks as part of the identity proofing and 
registration process. Therefore, NIST has prepared changes to FIPS 201 
to clarify the identity proofing and registration process that 
departments and agencies should follow when issuing identity 
credentials. In short, under the proposed FIPS revision if an agency 
does not receive the results of the National Agency Checks (NAC) within 
five days, the identity credential can be issued based on the FBI 
National Criminal History Check (fingerprint check). Identity 
credentials issued to individuals without a completed NAC or equivalent 
must be electronically distinguishable from identity credentials issued 
to individuals who have a completed investigation. Director Bolten's 
Memorandum is available electronically from the OMB Web page: http://www.whitehouse.gov/omb/memoranda/index.html.
    The proposed changes to FIPS Publication 201 are available 
electronically from the NIST Web site at: http://csrc.nist.gov/publications/.

    Authority: In accordance with the Information Technology 
Management Reform Act of 1996 (Public Law 104-106) and the Federal 
Information Security Management Act (FISMA) of 2002 (Public Law 107-
347), the Secretary of Commerce is authorized to approve Federal 
Information Processing Standards (FIPS). Homeland Security 
Presidential Directive (HSPD) 12, Policy for a Common Identification 
Standard for Federal Employees and Contractors, dated August 27, 
2004, directed the Secretary of Commerce to promulgate, by February 
27, 2005, a Government-wide standard for secure and reliable forms 
of identification to be issued to Federal Government employees and 
contractors.
    Executive Order 12866: This notice has been determined to be 
significant for the purposes of Executive Order 12866.

    Dated: September 1, 2005.
William Jeffrey,
Director.
[FR Doc. 05-17744 Filed 9-7-05; 8:45 am]
BILLING CODE 3510-13-P