PIV/CIV Credentials

This tutorial outlines the process of issuing PIV/CIV IDs and PIV/CIV credentials using the Unifyia platform. While the workflow configuration may vary depending on the specific requirements, the issuance procedure remains largely the same for both types of identities. To be eligible for issuance, the user must complete the onboarding and enrollment steps, which involve capturing biometric data and personal information and undergoing a background verification process to confirm the individual's identity. Upon successful verification, the user is authorized to receive the credentials.

PIV ID

A Personal Identity Verification (PIV) ID is a government-issued smart card used for secure identity authentication in U.S. federal agencies and organizations that require high-assurance credentials. It follows standards set by FIPS 201 and NIST SP 800-63-4, incorporating PKI-based authentication, digital signatures, and encryption for secure access to systems and facilities. PIV cards are primarily used for:

  • Federal Employee and Contractor Authentication
  • Physical and Logical Access Control
  • Multi-Factor Authentication (MFA) Compliance
  • Secure Digital Signatures and Encryption

CIV ID

A Commercial Identity Verification (CIV) ID is a non-federal equivalent of the PIV credential, designed for enterprises that require strong authentication without government-issued credentials. CIV IDs provide enterprises with:

  • Workforce Authentication & Identity Assurance
  • Federated Identity & SSO (Single Sign-On)
  • Compliance with Industry Standards (e.g., NIST, Zero Trust)

Both PIV and CIV IDs enhance security and identity verification, but PIV is federally mandated, while CIV offers a flexible, enterprise-focused alternative.

A PIV/CIV ID can have two form factors: a smart card or a security key. The standard federal PIV ID or CIV ID is usually issued as a smart card, which has printed information on the front and back of the card and mandatory data, biometrics, and cryptographic certificates embedded in the chip in compliance with the FIPS 201-3 standard. However, the platform allows organizations to issue PIV/CIV credentials on different types of identity devices, as listed in the section Supported Identity Devices.

Supported Identity Devices

PIV/CIV credentials can be issued on the following types of smart cards and security keys:

  • IDEMIA - ID-One PIV v2.4.2 on Cosmo V8.2
  • IDEMIA - ID-One PIV 2.4.1 on Cosmo V8.1
  • IDEMIA - ID-One PIV 2.3.4 on Cosmo V7
  • Giesecke & Devrient - G&D SCE 7.0 with PIV Applet V1.0
  • ZTPass - ZTPass on NXP P71D600
  • Thales - Thales IDPrime PIV v3.0
  • Yubico - YubiKey 5 Series

Prerequisites

  • Ensure that you are registered with the necessary privileges by an authorized administrator to issue PIV/CIV IDs within the organization.
  • The user must have completed enrollment and been approved to receive the PIV/CIV ID.
  • You have a smart card reader to read smart cards.
  • You have a new PIV/CIV supported smart card or security key such as a YubiKey. If you are issuing USB security keys such as a YubiKey, ensure that the USB device is connected to the computer during the process of DPIV issuance.
  • You have a printer for printing PIV/CIV IDs.
  • You have installed the Unifyia Client for Operators on your system to access the connected devices.

PIV/CIV Issuance

Follow the steps below to complete the issuance on a smart card or security key.

  1. Go to the main menu, Management > Users. Search for the user by name or email. Under the Actions column, select the Issue Identity icon to start the issuance process.
  2. Select an identity device to issue from the list of available options. Based on the selected identity type, you can do the following:
    1. Personalize: This option helps to personalize an identity device type such as a smart card or a security key.
      1. For Smart Card: Connect a card reader to your computer and insert a smart card.
      2. For Security Key: Insert the security key into a USB port.
      3. Select Personalize. It may take a few minutes to complete the process.
      4. On completion, a message appears confirming that the device is successfully personalized.
    2. Personalize and Print: This option helps to personalize and print a smart card.
      1. The connected card printer is auto-selected. If multiple printers are connected, select the required printer from the drop-down list. Ensure that the printer is loaded with cards.
      2. Select Personalize to only personalize.
      3. Select Personalize and Print to personalize and print a card in one go.
      4. The process may take a few minutes to complete. You can track the progress of the process on the progress bar.
      5. Once the process is completed, a confirmation message will appear, indicating that the issuance process was successful.

This completes the issuance of the PIV ID. An email containing the Activation PIN is sent to the user's registered email address. The user needs to activate the issued ID on the first login.