& Definitions for Common Access Control (CAC) Readers:
The process of granting or denying specific requests to (i) obtain and use
information, and (ii) enter specific facilities.
AES (Advanced Encryption Standard)
One of many encryption standards utilized by the US Government.
APL (Approved Product List)
A list of products that are approved by the General Services Administration for
FIPS 201 solutions.
Two related keys, a public key and a private key, that are used to perform
complementary operations, such as encryption and decryption or signature
generation and signature verification.
The process of establishing confidence of authenticity in the validity of a
person’s identity and the PIV credential.
A measurable physical characteristic, such as a fingerprint, used to recognize
the identity, or verify the claimed identity, of an individual.
CA (Certificate authority)
A trusted entity that issues and revokes public key certificates.
CAC (Common Access Card)
The smart card based technology used as the identity credential by the
Department of Defense.
CHUID (Card Holder Unique Identifier)
The data structure for card holder identification defined by the FIPS-201
The PIV card and data elements associated with an individual that authoritatively
binds an identity (and, optionally additional attributes) to that individual.
CRL (Certificate Revocation List)
A list of certificates serial numbers that have been revoked by the Certificate
Authority as being expired, lost or otherwise unreliable and signed by the
DES (Data Encryption Standard)
The Data Encryption Standard that will be retired in 2010.
FASC-N (Federal Agency Smart Credential Number)
The data element contained within the CHUID and all data objects in a PIV that
uniquely identifies the credential holder.
FIPS (Federal Information Processing Standard)
Standards published by the NIST, a part of the U.S. Department of Commerce, for
use by all non-secret government agencies and by government contractors to achieve
a common level of quality and interoperability.
FRAC (First Responder Authentication Credential)
PIV smart credentials issued to local first responders to allow them to be
interoperable with Federal Government authorities in the event of a terrorist
attack or other disaster.
GSC-IS (Government Smart Card Interoperability Specification)
The technical specification developed by government and industry defining a
common interface for smart cards used by the US government and utilized heavily
in FIPS-201 and NIST SP 800-116.
GSC-IAB (Government Smart Card Interoperability Advisory Board)
Group of government and industry representatives that collaborate on the
establishment of smart card interoperability and related standards. http://www.smart.gov/iab
GUID (Globally Unique Identifier)
An number used in to provide a unique identifier.
A function that maps a bit string or arbitrary length to a fixed length bit
string such that it is One-Way (computationally infeasible to find any input
that maps to any pre-specified input) and is Collision Resistant (it is
computationally infeasible to find any two distinct inputs that map to the same
HMAC (Hashed Message Authentication Code)
A cryptographic checksum on data calculated using a specific symmetric key in
combination with a hash function to detect both accidental and intentional
modifications of data.
HSPD-12 (Homeland Security Presidential Directive 12)
Presidential Directive signed by President Bush in August 2004 calling for a
common set of secure and reliable identification standards for government
employees and contractors.
IAB (Interagency Advisory Board)
Group of government and industry members providing guidance and coordinating
efforts to develop new specifications and standards advancing use of the
government smart cards for physical and logical access control systems. http://www.smart.gov/iab
The process of confirming or denying that a claimed identity is correct by
comparing the credentials (something you have, something you know, something
you are) of a person requesting access with those previously proven and stored
in the PIV credential or system and associated with the identity being claimed.
IDMS (Identity Management System)
A software system that collects, verifies, and maintains identity verification,
validation and issuance and makes that information available to relying
Interoperability allows any government facility or information system,
regardless of the PIV issuer, to verify a cardholder’s identity using the
credentials on the PIV card.
LACS (Logical Access Control System)
A security system that authenticates an individual to a Information Technology
(IT) networks and related applications.
NIST (National Institute of Standards and Technology)
The federal agency under the Department of Commerce that develops and promotes
standards and technology to advance commerce.
OCSP (Online Certificate Status Protocol)
A protocol used for obtaining the revocation status of a public key certificate
issued by a trusted Certificate Authority. Two approaches are typically used: a
centralized server-based approach and distributed (often referred to as
OMB (Office of Management and Budget)
OMB's mission is to assist the President in overseeing the preparation of the
federal budget and to supervise its administration. OMB evaluates the
effectiveness of agency programs, policies, and procedures, assesses competing
funding demands among agencies, and sets funding priorities.
PACS (Physical Access Control System)
A system comprised of cards, readers, door controllers, servers and software to
control the physical ingress and egress of people within a given space.
PAIIWG (Physical Access Interagency Interoperability Working
A group of government and industry members that work to coordinate guidance and
recommendations for standardized interoperability among PACS across federal
PIN (Personal Identification Number)
The secret numeric password shared between a user and a system or the user and
the PIV credential that can be used as a second factor to authenticate the user
to the system.
PIV (Personal Identification Verification) Card
A physical smart card token with stored identity information (e.g. photograph,
keys, biometric data) enabling the claimed identity of the cardholder to be
verified by another human or by an automated (machine readable and verifiable)
process. The PIV conforms to the FIPS-201 standard.
An authorized identity card creator that purchases FIPS approved blank identity
cards, initializes them with the appropriate software and data elements for the
requested identity verification and access control application, personalizes
the cards with the identity credentials of the authorized subjects, and
delivers the personalized cards to the authorized subjects.
PKI (Public-Key Infrastructure)
Public Key Infrastructure (PKI) is a system that enables users of an unsecure
network to secure transactions through the use of a public and private
cryptographic key pair. It assumes the use of public key cryptography which is
the most common method on a network for encrypting a message or authenticating
a message sender.
The public part of an asymmetric key pair that is typically used to verify
signatures or encrypt data.
SCIF (Sensitive Compartmented Information Facility)
A physical area where sensitive information may be stored, used, or processed.
SCVP (Server Certificate Validation Protocol)
A method of determining the ability to trust the issuer of a certificate from
outside of the user’s own enterprise. A crucial component of certificate
validation when dealing with federated environments and multiple certificate
authorities such as the United States government.
A cryptographic key that must be protected from unauthorized disclosure to
protect data encrypted with the key.
SHA (Secure Hash Algorithm)
A one-way algorithm that computes a fixed-length message (known as a message
digest) of an input message of any length.
SP (Special Publications)
NIST publications that provide information and guidance that support specific
standards, eliminating the need to revise the entire standard.
TPK (TWIC Privacy Key)
A unique encryption key accessible from a TWIC’s magnetic stripe or contact
interface establishing a secure channel for biometric data transfer.
TWIC (Transportation Worker Identification Credential)
A PIV compatible credential for personnel that require unescorted access to
secure areas regulated facilities and vessels. The credential includes a TWIC
privacy key for encryption of a biometric that is passed over the contactless
The process of determining that the system under consideration meets in all
respects the specification of that system.