NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-8(5) Acceptance of PIV-I Credentials

Accept and verify federated or PKI credentials that meet [Assignment: organization-defined policy] (parameter ia-08.05_odp).

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Acceptance of PIV-I credentials can be implemented by PIV, PIV-I, and other commercial or external identity providers. The acceptance and verification of PIV-I-compliant credentials apply to both logical and physical access control systems. The acceptance and verification of PIV-I credentials address nonfederal issuers of identity cards that desire to interoperate with United States Government PIV systems and that can be trusted by Federal Government-relying parties. The X.509 certificate policy for the Federal Bridge Certification Authority (FBCA) addresses PIV-I requirements. The PIV-I card is commensurate with the PIV credentials as defined in cited references. PIV-I credentials are the credentials issued by a PIV-I provider whose PIV-I certificate policy maps to the Federal Bridge PIV-I Certificate Policy. A PIV-I provider is cross-certified with the FBCA (directly or through another PKI bridge) with policies that have been mapped and approved as meeting the requirements of the PIV-I policies defined in the FBCA certificate policy.
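The policy mapping described above (an issuer's own policy mapping to the Federal Bridge PIV-I policy, directly or through another bridge) can be modelled as follows. This is an added example, not NIST text or any product's code: it is a simplified sketch of RFC 5280 policy processing that ignores anyPolicy and the inhibit/require counters, and the bridge and issuer OIDs and names are constructed placeholders.

```python
from dataclasses import dataclass, field

# FBCA certificate policy OID for PIV-I hardware (id-fpki-certpcy-pivi-hardware).
FBCA_PIVI_HARDWARE = "2.16.840.1.101.3.2.1.3.18"
# Constructed placeholder OIDs for a hypothetical bridge and card issuer.
BRIDGE_HW = "1.3.6.1.4.1.99999.1.1"
ISSUER_HW = "1.3.6.1.4.1.99999.2.1"
ISSUER_SOFT = "1.3.6.1.4.1.99999.2.2"   # issuer policy with no PIV-I mapping


@dataclass
class Cert:
    subject: str
    policies: set                                  # OIDs in certificatePolicies
    mappings: dict = field(default_factory=dict)   # issuerDomain -> {subjectDomain}


def path_satisfies(chain, required=FBCA_PIVI_HARDWARE):
    """chain is ordered from the certificate issued by the trust anchor down
    to the end-entity card. True only if `required`, stated in the trust
    anchor's policy domain, is carried through every certificate."""
    acceptable = {required}
    for cert in chain:
        valid = acceptable & cert.policies
        if not valid:
            return False          # this certificate breaks the policy chain
        # A mapped policy is replaced by its subject-domain equivalent;
        # an unmapped one must be asserted unchanged further down.
        acceptable = set()
        for oid in valid:
            acceptable |= cert.mappings.get(oid, {oid})
    return True


def build_chain(card_policy):
    """Constructed path: FBCA -> bridge -> issuer CA -> contractor card."""
    return [
        Cert("FBCA to Example Bridge cross-certificate",
             {FBCA_PIVI_HARDWARE}, {FBCA_PIVI_HARDWARE: {BRIDGE_HW}}),
        Cert("Example Bridge to Example Issuer CA cross-certificate",
             {BRIDGE_HW}, {BRIDGE_HW: {ISSUER_HW}}),
        Cert("Example contractor card", {card_policy}),
    ]


if __name__ == "__main__":
    print(path_satisfies(build_chain(ISSUER_HW)))    # mapped issuer policy
    print(path_satisfies(build_chain(ISSUER_SOFT)))  # same CA, unmapped policy
```

The second case shows why trusting an issuing CA is not the same as accepting PIV-I: the same CA can issue certificates under policies that were never mapped to the Federal Bridge PIV-I policy.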

Practitioner Notes

This enhancement addresses acceptance of PIV-I (PIV-Interoperable) credentials — non-federal smart cards that meet PIV technical specifications.

Example 1: Configure your Active Directory to accept PIV-I credentials from defense contractors who have been issued PIV-I cards by their organizations.

Example 2: Add the PIV-I issuing CAs to your trust store so that contractor smart cards can be used for authentication alongside government-issued PIV/CAC cards.