Datasheet

ManualsBrandsHID Identity Manualsoffice920PHPNEK00332

pivCLASS Readers Meet Any

Authentication Mode and Any

Assurance Level

“Controlled” Areas

“Exclusion” Areas

“Limited” Areas

pivCLASS

Readers

The pivCLASS Government Solution suite

includes a broad selection of readers for

agencies to meet any security level and the

NIST SP 800-116 guidelines. pivCLASS readers

work with the pivCLASS Authentication

Module

™

to meet requirements for:

 Any assurance level: controlled, limited or

exclusion.

 Any authentication mode: CHUID,

CAK, PIV + PIN, or PIV + PIN + BIO;

also, FASC-N reads for non-SP800-116

“uncontrolled” areas, and the additional

TWIC authentication modes, CHUID + BIO

and CAK + BIO.

 Nearly any card type, contact or

contactless, including PIV, PIV-I, CIV (a.k.a.,

PIV-C), TWIC, FRAC and CAC.

Additionally, pivCLASS readers provide fully

functional backward compatibility with existing

iCLASS

and HID Prox readers, easing the

transition from legacy cards to PKI-based

credentials. The readers also support bi-

directional communication to the PAM.

Assurance Levels and Authentication Modes

Most Federal facilities have likely completed a

risk assessment that designated each door and

portal as requiring an uncontrolled, controlled,

limited or exclusion assurance level. NIST SP

800-116 species which authentication modes

are required for which assurance levels. For

instance, a door leading to a high security area

will require a more advanced reader (in order

to perform additional identity checks, such

as biometric ﬁngerprint match) than a lower

security door.

Figure 1 illustrates the dierent security levels

and the attack vectors addressed by the

pivCLASS solution.

Figure 1

Secures against cards that are...

Security Area

(per NIST SP800-116

& Risk Assessment)

Authentication

Factors

Authentication

Modes

Revoked

Counterfeit

or Altered

Copied

or Cloned

Lost

or Stolen

Shared

Uncontrolled None FASC-N



Controlled 1 CHUID + VIS

 

Controlled 1 CAK

  

Limited 2 PIV + PIN

   

Exclusion 3 PIV + PIN + BIO

    

BIO: Biometric; CAK: Card Authentication Key; CHUID: Cardholder Unique Identier; FASC-N: Federal Agency Smart Credential Number; PIN: Personal Identication Number; PIV: Personal Identity Verication (PIV) Authentication Key; VIS: Visual

Meet Any Assurance Level