NIST Revises SP 800-73 and SP 800-78

July 31, 2024 – From the desk of Neil Fallon

Next month will mark the 20th anniversary of President Bush signing into law Homeland Security Presidential Directive-12 (HSPD-12) on August 27, 2004. The directive transformed identity management for federal employees and introduced the Personal Identity Verification (PIV) credential. A few years later FIPS-201-1 was established to meet the security and inoperability goals of HSPD-12.

As a reminder that FIPS 201-1 is a living document, the National Institute of Standards and Technology (NIST) continues to revise the standard and its associated Special Publications.  FIPS 201-1 has been revised two times. The current standard is now titled FIPS 201-3. On July 15, NIST published SP 800-75-5 “Cryptographic Algorithms and Key Sizes for Personal Identity Verification” to align with the revised standard.

This document is more cerebral than most access control providers will ever need to wade through. The software developers at Identity One will be doing that deep dive for its clients. However, I was drawn to an identified major change that noted “additional use of facial recognition for general authentication.” Could this be another step toward the US Federal Government becoming comfortable with Facial Recognition Technology (FRT)?

Read more details about this change here: NIST Revises SP 800-73 and SP 800-78 | CSRC

Click here to contact Neil Fallon and learn more.

About Identity One

Identity One builds on the FIPS 201 standard, creating innovative next generation registration, validation, issuance visitor management, visitor PIV card and derived credentials for CAC, PIV and TWIC.  Identity One’s solutions serve physical access, logical access for TWIC compliance, US Federal Government Security and US Armed Forces Security. We issue, register and verify identities for frictionless access and integration everywhere, protect identities from being impersonated, and secure intellectual property. We digitally verify identities for the physical and logical world. Identity One software and services are BAA (Buy American Act) compliant and TAA (Trade Agreements Act) compliant. Identity One is headquartered in Atlanta, Georgia, USA and all our products are proudly made in the USA.