3.6 PIV card termination

The following processes apply to revoking an issued PIV card:

3.6.1 Canceling (revoking) a PIV card that is present

The Erase Card workflow is used to revoke and erase a smart card that is in the possession of the operator; see the Erasing a device section in the MyID Operator Client guide.

This operation:

The following reasons immediately revoke the certificates: Lost, Stolen, Damaged, Revocation (Other).

3.6.2 Remotely canceling a PIV card that is not present

You can remotely cancel a card in the following ways:

In each of these operations, a revocation reason is supplied that determines the PKI actions that are taken. The revocation reasons perform the same actions as canceling a PIV card that is present. No change is made to the data on the card.

3.6.3 Erasing a PIV card that has been remotely canceled

When a card has been remotely canceled, it retains the electronic data held on the card. It is best practice to erase the card once it has been returned to a MyID operator.

Use the Erase Card workflow to erase the card; see the Erasing a device section in the MyID Operator Client guide.

This workflow carries out the following:

3.6.4 Notifications to other systems

FIPS 201-3 requires that any databases maintained by the PIV card issuer that indicate current valid (or invalid) FASC-N or UUID values must be updated to reflect the change in status.

You can configure MyID to send notification messages containing information about card cancellations. For more information on notifications, contact customer support quoting reference SUP-222.

3.6.5 Changing the disposal status of a card

The disposal status of a canceled PIV card can be recorded in the MyID audit trail. This ensures that the card cannot be re-issued. You can use the Card Disposal workflow to set the disposal status. For information, see the Disposing of a device section in the MyID Operator Client guide.