PIV-I
PIV-I stands for Personal Identity Verification – Interoperable.
A PIV-I ID refers to a credential issued to non-federal personnel (such as contractors,
state/local government employees, or affiliated organizations) that meets certain technical standards to
interoperate with the federal government's PIV (Personal Identity Verification)
systems.
Key Characteristics of PIV-I ID:
- Interoperability with Federal Systems: PIV-I credentials are designed to be technically compatible with the federal PIV infrastructure, including authentication systems, card readers, and logical access tools.
- Non-Federal Issuers: PIV-I cards are issued by non-federal organizations that have established trust with federal agencies, but they are not issued by the federal government itself.
- Standards-Based: PIV-I credentials follow the same or similar technical standards as federal PIV cards (e.g., those defined by NIST SP 800-73, FIPS 201, etc.), but with some flexibility for issuer-specific policies.
- Use Cases:
  - Access to federal buildings and networks by contractors or partners
  - Trusted identity for cross-organization collaboration
  - Mobile derived credentials or FIDO2 extensions based on PIV-I identity
- Trust Frameworks: PIV-I issuers may be part of a federated identity trust framework, such as the Federal Bridge Certification Authority (FBCA), ensuring their certificates are trusted by federal relying parties.
How PIV-I Differs from PIV

| Feature | PIV | PIV-I |
|---|---|---|
| Issuer | U.S. Federal Agencies | Non-federal (e.g., contractors, state/local gov) |
| Policy Scope | FIPS 201 compliant | Aligns with FIPS 201, but outside federal issuance |
| Intended Users | Federal employees | External partners, contractors |
| Trust Level | Federally trusted | Federally interoperable (via bridging/trust) |