PROVIDING A BEST PRACTICE FRAMEWORK FOR DERIVED PERSONAL IDENTITY VERIFICATION (PIV) CREDENTIALS

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) are the United States’ leading body in providing real world, best practice architectures for federal agencies and companies to overcome specific cybersecurity challenges.

THE CHALLENGE

With the introduction of a new Federal Information Processing Standard (FIPS), specifically FIPS 201-2; Personal Identity Verification (PIV) of Federal Employees and Contractors, federal government had a new opportunity to take advantage of new technologies for the secure authentication of their employees and contractors.

The original standard (FIPS 201) was published in 2005 and as such was focused on setting multi-factor authentication standards, using public key infrastructure (PKI), for technology in use at that time; largely desktop and laptop computers.

FIPS 201 therefore was focused on users being issued with a PIV smart card to provide common multi-factor authentication via their desktop computers and laptops using in-built or auxiliary smart card readers.

Fast forward to today and the technology landscape has changed significantly – the computing power of mobile phones has changed exponentially while tablets and hybrid computers are all now prevalent alongside new identity form factors like the USB token.

The limitations of PIV smart cards to work with the technology that federal employees of 2020 want to use day-to-day as part of their jobs was plain to see.

To extend the use of PIV systems into mobile devices, tablets, and laptops (without in-built smart card readers), NIST developed technical guidelines on the implementation and life cycle of identity credentials that are issued by federal departments and agencies to individuals who possess and prove control over a valid PIV Card.

NIST published guidelines to indicate how derived PIV credentials would enable the federal sector to leverage proofing and vetting results of current and valid PIV credentials and derive those credentials to other secure technologies for multi-factor authentication, such as mobile devices.
The guidelines are also relevant to many companies, particularly key government suppliers who look to meet federal standards.

THE BENEFITS

OPTIMUM SECURITY

By configuring certificate and device issuance policies, MyID ensures the right people receive the right digital identities, while also freeing up IT support as employees can collect new certificates to their own devices through a simple self-service application.

EASY TO MANAGE 

By providing a single integrated solution for sponsoring, enrolling, approving, issuing, and managing the lifecycle of users and PIV credentials, it also simplifies the process with workflows for the helpdesk to issue replacement devices when lost or re-enable locked devices.

FULL AUDITABILITY 

Maintains full auditability and reporting capabilities – allowing visibility of who issued which digital identities, to which users, and on what device; helping with audits and proof of compliance with federal policy.

ULTIMATE INTEGRATION FLEXIBILITY

MyID PIV is developed to work with the IT architecture you already have, minimizing impact on your existing environment and speeding up deployment.

Download the case study

Within this Case study understand why NIST NCCOE included MyID PIV credential management as part of their best practice derived PIV solution.

DOWNLOAD

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defense systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.