Use MyID® CMS to replace employee passwords with FIPS 201 compliant derived PIV credentials.

The use of mobile devices has accelerated rapidly in recent years, potentially compromising the high levels of security necessary for remote access, particularly within federal government agencies where the Personal Identity Verification (PIV) program ensures secure access to resources. 

To mitigate this risk, the National Institute of Standards and Technology (NIST) has defined the use of a ‘derived credential’ for use on mobile devices. With derived credentials, the cryptographic credential is stored securely on a mobile device, and can be used to provide secure access to agency systems, services and data from smartphones, tablets and laptops. There’s no need for a dedicated reader, and there’s much more flexibility for users.

Importantly, for a fully SP880-157 compliant derived PIV credential the credential that is derived to a secondary device must be bound back to the original identity with a primary credential, this combination enables self-service collection and maintains the chain of security.   

MyID is currently deployed and trusted by multiple US Federal agencies, and delivers a complete derived credential solution using currently available components and services. Federal Government agencies and commercial organisations are equally able to ensure secure mobilization of their employees, contractors and customers with derived credentials delivered by MyID.

MyID CMS can issue Derived PIV Credentials to any PIV credential holder, regardless of whether the original credential was issued by MyID or a third-party issuer, either on-premises or via a managed service. It was the first Derived PIV Credential solution to receive an Authority to Operate (ATO) for a Federal agency and supports smartphones (iOS and Android)tablets (iOS, Android & Windows), and a range of additional PKI and FIDO devices.

NIST have issued helpful guidelines for deploying derived credentials.

Read the NIST Derived Credential Guide

read now



MyID has been deployed by multiple governments and commercial organazations and has issued millions of mobile credentials in high security environments fully compliant with government security policies.  

Simple integration

Out-the-box connectors to certificate authorities (CA), middleware, LDAP directories, hardware security modules (HSM), enterprise mobile management (EMM), and a variety of end user technology for a plug-and-play level of integration.

Easy to use

Simple web-based end user self-service enables users to collect their own credentials with no operator support, reducing costs and speeding time to deployment.


Issue derived credentials in the way you wish to the devices you choose, be that fully SP7800-157 / NIST SP800-63B compliant, or to your own chosen policies, including verification of device ownership and policy against your MDM.


Want to know more?

If you are ready to book a demo, simply click the button below and we will arrange a demo

demo request

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defense systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.