featured
partners

You are here:

  • Home
  • NIST releases new practice guide for derived PIV credentials

NIST releases new practice guide for derived PIV credentials

06 August, 2018

By: Chris Corum

category: Digital ID, Government

NIST’s National Cybersecurity Center of Excellence (NCCoE) recently released a second draft of the NIST Cybersecurity Practice Guide SP 1800-12 Derived Personal Identity Verification (PIV) Credentials. The new draft document is available online, and feedback and public comment will be accepted through October, 1, 2018

Although the PIV and the NCCoE Derived PIV Credentials project are primarily aimed at the federal sector, both are relevant to mobile device users in the commercial sector using smart card-based credentials as well

This document is part of the NCCoE’s effort to address the challenge of derived PIV credentials through collaboration with members of the information technology (IT) community, including vendors of cybersecurity solutions.

In the early days of the PIV program, authentication was required on desktops and laptops using integrated smart card readers. “Today, the proliferation of mobile devices that do not have integrated smart card readers complicates PIV credentials and authentication,” explains the NCCoE. Derived PIV Credentials can enable organizations to authenticate individuals using mobile devices.

The Practice Guide demonstrates a security platform that leverages identity proofing and vetting results of current and valid PIV credentials to enable two-factor authentication to information technology systems via mobile devices.

Although the PIV and the NCCoE Derived PIV Credentials project are primarily aimed at the federal sector, both are relevant to mobile device users in the commercial sector using smart card-based credentials as well.

The NCCoE reference design includes the following capabilities:

  • authenticate users of mobile devices using secure cryptographic authentication exchanges
  • provide a feasible security platform based on Federal Digital Identity Guidelines
  • utilize a public key infrastructure (PKI) with credentials derived from a PIV card
  • support operations in a PIV, PIV-Interoperable (PIV-I), and PIV-Compatible (PIV-C) environments
  • issue PKI-based derived PIV credentials at levels of assurance (LoA) 3

    • provide logical access to remote resources hosted either in a data center or the cloud.

Participating vendors include Entrust Datacard, IBM, Intel, Intercede, MobileIron, Verizon and VMWare.


Related articles:

PIV and multi-factor authentication The Mobile ID Experiment Derived credentials enable high assurance ID on mobile platforms

Tags: ,

recommend to friends

Close

Enter the site

Login

Password

Remember me

Forgot password?

Login
Skip to toolbar