Enrollment Process

FIPS 201-4, titled "Personal Identity Verification (PIV) of Federal Employees and Contractors," is a standard developed by the National Institute of Standards and Technology (NIST) to define the requirements for a government-wide standard for personal identity verification. It outlines the technical specifications for the PIV card, which is used by federal employees and contractors to access secure federal facilities, systems, and data.

Based on this standard’s requirements, an organization must define the enrollment process for issuing a Personal Identity Verification (PIV) card to ensure secure and verified access. The process involves collecting identity proofing documents, personal data, biometric information, and the user's signature, along with completing background checks and fingerprint verification to confirm the individual's identity and approve the card issuance.

The enrollment process supported by the Unifyia platform is a multi-step procedure designed to ensure that the individual's identity is thoroughly validated before the card is issued.

Key Steps in the Enrollment Process:

  1. Collection of Identity Proofing Documents: The process begins by collecting official identity proofing documents, such as a government-issued ID, passport, or other authorized forms of identification. The identity proofing process must comply with the Identity Assurance Levels defined in NIST SP 800-63-4, the digital identity guidelines of the National Institute of Standards and Technology (NIST). These documents are used to verify the individual’s identity and establish a secure foundation for the enrollment process.
  2. Personal Data Collection: The individual is asked to provide personal data, such as their full name, date of birth, contact details, and other identifying data. The data collected must comply with the requirements defined in the NIST standard FIPS 201-3. This data is securely stored and forms the core identity information that will be embedded in the PIV card.
  3. Biometric Data Capture: As part of the security measures, biometric data (fingerprints, face, and iris) is collected. To issue a PIV card, this biometric data must comply with international standards like ISO/IEC 19794, federal standards such as FIPS 201-3, and guidelines outlined in NIST SP 800-76-2. These standards ensure that biometric data is captured, stored, and used reliably for identity verification, helping to maintain the integrity and security of the PIV card system.
  4. User Signature Capture: In combination with biometric data (such as fingerprints or facial recognition), the user’s signature adds an extra layer of security. If the signature is collected digitally, it can be securely encrypted and stored on the PIV card, providing an additional means of verifying the user’s identity when accessing systems or facilities. Because the signature is unique to the individual, it helps prevent fraudulent activities such as impersonation or identity theft and serves as a further verification factor in future authentication.
  5. Background Investigation and Fingerprint Verification: A background investigation is conducted as part of the adjudication process to ensure the individual is eligible to receive a PIV card. This investigation checks for any security or legal concerns. Additionally, fingerprint verification is performed to cross-check the biometric data with existing records, further confirming the individual’s identity and reducing the risk of fraudulent enrollment.
  6. Verification and Card Issuance: Once all the personal data, biometric information, signature, and background checks are reviewed and approved, the PIV card is issued. The card securely stores the individual’s encrypted personal data, biometric information, and signature, enabling trusted access to physical and digital resources within the organization.

The PIV card enrollment process is designed to ensure that each cardholder’s identity is thoroughly validated, incorporating multiple layers of security to guarantee the integrity and reliability of the authentication process.