atsec information security, a laboratory for the GSA FIPS 201 Evaluation Program which runs a product approval program for PIV-related products destined for the U.S. federal market, has announced the successful GSA FIPS 201 evaluation of Codebench’s PIVCheck Desktop Edition and PIVCheck Mobile Edition.
As a result of its evaluation, atsec has determined that the Codebench products meet FIPS 201 requirements on behalf of the GSA Evaluation Program. These products are now listed on the FIPS 201 Evaluation Program Approved Product List. The list only includes products and services that are in compliance with the current version of the Standard and its supporting NIST Special Publication 800-116, which provides recommendations for the use of PIV Credentials in physical access control systems.
Codebench is the first company with solutions evaluated for GSA product category CAK Authentication System, as well as Caching Status Proxy, PIV Authentication System, and CHUID Authentication System.
CAK authentication is a reader-to-card challenge/response protocol that ensures that the PIV credential is genuine and is not a forgery or clone, while CHUID authentication involves verifying that the credential’s CHUID, or cardholder unique identifier, has not been altered.
Both CAK and CHUID authentication can be performed over the card’s contactless interface and do not require a PIN. Contactless verification of PIV credentials will likely become a requirement for both high and very high assurance access control readers.
The product entries are included on the GSA FIPS 201 Evaluation Program Approved Product List at here.