AGENCY:

National Institute of Standards and Technology (NIST), Commerce.

ACTION:

Notice. Request for comments.

SUMMARY:

The National Institute of Standards and Technology (NIST) announces proposed changes to Federal Information Processing Standard (FIPS) Publication 201, Standard for Personal Identity Verification of Federal Employees and Contractors. The changes to Section 2.2, PIV Identify Proofing and Registration Requirements, and to Section 5.3.1, PIV Card Issuance, will clarify the identity proofing and registration process that departments and agencies should follow when issuing identity credentials. These changes are required to make FIPS 201 consistent with the Memorandum for All Departments and Agencies (M-05-24), issued by the Office of Management and Budget on August 5, 2005, Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors. Before recommending these proposed changes to FIPS 201 to the Secretary of Commerce for review and approval, NIST invites comments from the public, users, the information technology industry, and Federal, State and local government organizations concerning the proposed changes.

DATES:

Comments on these proposed changes must be received by October 11, 2005.

ADDRESSES:

Written comments concerning the proposed changes to FIPS 201 should be sent to: Information Technology Laboratory, ATTN: Proposed Changes to FIPS 201, Mail Stop 8930, National Institute of Standards and Technology, 100 Bureau Drive, Gaithersburg, MD 20899.

Electronic comments should be sent to: fips.comments@nist.gov.

The proposed changes to FIPS Publication 201 are available electronically from the NIST Web site at: http://csrc.nist.gov/​publications/​.

Comments received in response to this notice will be published electronically at http://csrc.nist.gov/​publications/​fips/​index.html.

FOR FURTHER INFORMATION CONTACT:

W. Curtis Barker, (301) 975-8443, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930, email: wbarker@nist.gov.

Information about FIPS 201 and the PIV program is available on the NIST Web pages: http://csrc.nist.gov/​.

SUPPLEMENTARY INFORMATION:

Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors, dated August 27, 2004, directed the Secretary of Commerce to promulgate, by February 27, 2005, a Government-wide standard for secure and reliable forms of identification to be issued by the Federal Government to its employees and contractors (including contractor employees). FIPS 201 was developed to satisfy the technical, administrative, and timeliness requirements of HSPD 12. The standard was developed in a “manner consistent with the Constitution and applicable laws, including the Privacy Act (5 U.S.C. 552a) and other statutes protecting the rights of Americans” as required in HSPD 12.

To assist departments and agencies in implementing the provisions of FIPS 201, Joshua Bolten, the Director of the Office of Management and Budget (OMB), issued a Memorandum for All Departments and Agencies on August 5, 2005 entitled “Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors.” The Memorandum provides implementation guidance and clarifies the requirements for identity proofing, registration and accreditation processes. Two provisions of FIPS 201 as promulgated by the Secretary of Commerce earlier this year are not consistent with the guidance contained in the Bolten Memorandum and those provisions of FIPS 201 are hereby proposed for revision. Sections 2.2, “PIV Identify Proofing and Registration Start Printed Page 53347Requirements,” and 5.3.1 of FIPS 201, “PIV Card Issuance,” are being revised to assure that they are consistent with the OMB guidance concerning National Agency Checks as part of the identity proofing and registration process. Therefore, NIST has prepared changes to FIPS 201 to clarify the identity proofing and registration process that departments and agencies should follow when issuing identity credentials. In short, under the proposed FIPS revision if an agency does not receive the results of the National Agency Checks (NAC) within five days, the identity credential can be issued based on the FBI National Criminal History Check (fingerprint check). Identity credentials issued to individuals without a completed NAC or equivalent must be electronically distinguishable from identity credentials issued to individuals who have a completed investigation. Director Bolten's Memorandum is available electronically from the OMB Web page: http://www.whitehouse.gov/​omb/​memoranda/​index.html.

The proposed changes to FIPS Publication 201 are available electronically from the NIST Web site at: http://csrc.nist.gov/​publications/​.

Authority: In accordance with the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Federal Information Security Management Act (FISMA) of 2002 (Public Law 107-347), the Secretary of Commerce is authorized to approve Federal Information Processing Standards (FIPS). Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors, dated August 27, 2004, directed the Secretary of Commerce to promulgate, by February 27, 2005, a Government-wide standard for secure and reliable forms of identification to be issued to Federal Government employees and contractors. Executive Order 12866: This notice has been determined to be significant for the purposes of Executive Order 12866.