The use of mobile devices has accelerated rapidly in recent years, compromising the high levels of security necessary for remote access, particularly within federal government agencies where the Personal Identity Verification (PIV) program ensures secure access to resources.
To mitigate this risk, the National Institute of Standards and Technology (NIST) has defined the use of a ‘derived credential’ for use on mobile devices. With derived credentials, the cryptographic credential is stored securely on a mobile device, and can be used to provide secure access to agency systems, services and data from smartphones, tablets and laptops. There’s no need for a dedicated reader, and there’s much more flexibility for users.
MyID is currently deployed and trusted by 16 US Federal agencies, and delivers a complete derived credential ecosystem using currently available components and services. Federal Government agencies and commercial organisations are equally able to ensure secure mobilisation of their employees, contractors and customers with derived credentials delivered by MyID.
MyID can issue Derived PIV Credentials to any PIV credential holder, regardless of whether the original credential was issued by MyID or a third-party issuer, either on-premises or via a managed service. It was the first Derived PIV Credential solution to receive an Authority to Operate (ATO) for a Federal agency and supports both smartphones (iOS, Android, Windows & BlackBerry) and tablets (iOS, Android & Windows).
NIST have issued helpful guidelines for deploying derived credentials.