FIPS 201

Compliance

Federal Information Processing Standard 201 -- the US government standard specifying PIV card requirements including physical form factor, electrical interface, data model, and cryptographic algorithms for federal employee identity cards.

Also known as: FIPS 201-3 PIV Standard

What Is FIPS 201?

FIPS 201 (Federal Information Processing Standard 201) is the US government standard that defines the requirements for Personal Identity Verification (PIV) smart cards used by federal employees and contractors. Published by NIST and mandated by Homeland Security Presidential Directive 12 (HSPD-12), FIPS 201 specifies the card's physical form factor, chip interface, data model, cryptographic algorithms, biometric storage, and lifecycle management procedures.

The current version, FIPS 201-3 (2022), governs over 5 million active PIV cards across US federal agencies and serves as the reference architecture for derived credentials on mobile devices.

What FIPS 201 Covers

The standard addresses every aspect of a federal identity smart card:

| Area | Specification |
|---|---|
| Physical card | ISO 7810 ID-1, contact + contactless interfaces |
| Chip interface | ISO 7816 contact, ISO 14443 Type A/B contactless |
| Data model | NIST SP 800-73 (card application, data containers) |
| Cryptography | NIST SP 800-78 (RSA 2048+, ECC P-256/P-384) |
| Biometrics | Fingerprint templates, facial image, iris (optional) |
| Key management | On-card key generation, PIV Auth, Digital Signature, Key Management, Card Auth keys |
| Lifecycle | Issuance, maintenance, termination procedures |

PIV Data Containers

A PIV card stores multiple data objects, each accessible through standard APDU commands:

  • CHUID (Card Holder Unique Identifier) -- FASC-N, UUID, and digital signature. Readable without PIN for contactless physical access.
  • PIV Auth Certificate -- X.509 certificate for general authentication (login, VPN). Requires PIN to use the private key.
  • Digital Signature Certificate -- for signing emails and documents. PIN required per use.
  • Fingerprint Templates -- biometric templates for Match-On-Card or off-card comparison.
  • Facial Image -- JPEG photo for visual verification.
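Because the CHUID is readable without a PIN, a relying system should check what it reads rather than trust the FASC-N alone. The sketch below is an added example, not code from the standard or from this glossary: it builds the GET DATA APDU for a container and checks a CHUID response for its required elements and expiration. The tag values are taken from NIST SP 800-73 and do not appear on this page; the function names are hypothetical and the sample bytes are constructed.

```python
from datetime import date

# Data object tags and CHUID element tags per NIST SP 800-73 (not listed on this page).
PIV_OBJECTS = {"CHUID": "5FC102", "PIV Auth Certificate": "5FC105",
               "Digital Signature Certificate": "5FC10A",
               "Fingerprint Templates": "5FC103", "Facial Image": "5FC108"}
CHUID_FIELDS = {0x30: "fasc_n", 0x34: "guid", 0x35: "expiration", 0x3E: "signature"}

def get_data_apdu(name):
    """GET DATA: CLA=00 INS=CB P1P2=3FFF, data field = tag list 5C <len> <object tag>."""
    data = b"\x5C\x03" + bytes.fromhex(PIV_OBJECTS[name])
    return bytes([0x00, 0xCB, 0x3F, 0xFF, len(data)]) + data + b"\x00"

def tlv(tag, value):  # encode one single-byte-tag BER-TLV (used to build the sample)
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")) + value

def read_tlvs(buf):
    """Decode a run of single-byte-tag BER-TLVs, rejecting truncated input."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated TLV value")
        out.append((tag, buf[i:i + length]))
        i += length
    return out

def check_chuid(response, today):
    """Return a list of findings for a CHUID GET DATA response (data + SW1 SW2)."""
    outer = read_tlvs(response[:-2])
    if response[-2:] != b"\x90\x00" or len(outer) != 1 or outer[0][0] != 0x53:
        return ["no CHUID returned (expected tag 53 and SW 9000)"]
    fields = {CHUID_FIELDS.get(t, hex(t)): v for t, v in read_tlvs(outer[0][1])}
    # Presence check only: the issuer signature itself must still be verified.
    findings = ["missing " + f for f in CHUID_FIELDS.values() if not fields.get(f)]
    exp = fields.get("expiration", b"")
    if len(exp) == 8 and date(int(exp[:4]), int(exp[4:6]), int(exp[6:])) < today:
        findings.append("expired")
    return findings

def sample_chuid(signed=True):  # constructed placeholder bytes, not real card data
    body = tlv(0x30, bytes(25)) + tlv(0x34, bytes(range(16))) + tlv(0x35, b"20300101")
    return tlv(0x53, body + tlv(0x3E, b"\xAA" * 300 if signed else b"")) + b"\x90\x00"
```

An empty findings list means only that the expected elements are present and unexpired; verifying the signature against the issuer's certificate is a separate step this sketch does not perform.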

Relationship to Other Standards

FIPS 201 references and builds upon several companion standards:

  • FIPS 140 -- the PIV card's cryptographic module must be FIPS 140-2 Level 2 or higher certified.
  • Common Criteria -- PIV card chips typically hold EAL 4+ certification.
  • NIST SP 800-73 -- defines the PIV card application programming interface and data model.
  • NIST SP 800-76 -- biometric data specifications for PIV cards.

The PIV card and CAC (Common Access Card) share significant technical overlap, with CAC being the DoD-specific implementation aligned with PIV standards.

Frequently Asked Questions

The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.

Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.