Personal Identification Verification (PIV) Cards (SS-19-001)
Effective Date: 7/1/2019
Review Date: 12/01/2024
PURPOSE
This standard specifies a reliable PIV system within which a common identity credential can be used to verify a claimed identity and to gain physical[PA1] and logical access to state controlled facilities and information systems.
SCOPE and AUTHORITY
O.C.G.A 50-25-4(a)(8) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(20) - State Government, Georgia Technology, General Powers
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Policy
TERMS AND DEFINITIONS
Credential - PIV Card and data element associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual.
Identity - set of physical and behavioral characteristics by which an individual is uniquely recognizable.
STANDARDS
Georgia shall implement physical and logical access control measures to appropriate assurance levels that limit access to information, processing systems and facilities to only authorized individuals, except where designated for general public access.
Agencies that choose to issue PIV cards as a form of multi-factor authentication shall adhere to the standards as detailed by the Federal Information Processing Standards (FIPS PUB 201-2 or as amended).
The specifications of all PIV cards issued by state agencies shall be such that they are compatible with the building access systems managed by the Georgia Building Authority.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Access Control Policy (PS-08-009)
Authorization and Access Management Standard (SS-08-010.02)
REFERENCES
Federal Information Processing Standards 201 https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.201-2.pdf
NIST Computer Security Resource Center
http//csrc.nist.gov/
SP 800-116 A Recommendation for the use of PIV Credentials in Physical Access Control Systems (PACS)