*While the example implementation uses certain products, including MyID, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.
NIST DERIVED CREDENTIAL GUIDELINES
Over the past several months, Intercede has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a cybersecurity project for the federal sector.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address government and businesses’ most pressing cybersecurity challenges. I’m excited to share that the NCCoE has just released a second draft practice guide entitled NIST SP 1800-12, Derived Personal Identity Verification (PIV) Credentials.
The guide explores methods that federal and commercial organizations can use to extend the identity proofing and authentication associated with PIV Cards to mobile devices. The guide also maps security characteristics to standards, guidance, and best practices from NIST, including the Homeland Security Presidential Directive-12 and related Federal Information Processing Standard 201 specifications.
To complete this guide, the NCCoE also collaborated with these technology vendors: Entrust Datacard, IBM, Intel, Intercede, MobileIron, Verizon, and VM Ware.
The draft is available for download on the NCCoE website. Please share your thoughts with the NCCoE on this step-by-step guide to help make it better. The comment period is now open and will close on October 1, 2018.
This practice guide can help federal agencies and other organizations that use smart-card-based credentials or other means of authentication identity reduce their risk by showing how commercially available technologies, like Intercede’s MyID*, can be used to extend the identity proofing and authentication associated with PIV Cards to mobile devices. The NCCoE and we think the guide helps meet a critical cybersecurity need, but we’d like to hear from you.
Collaborating with stakeholders such as federal agencies, businesses, technology providers, and integrators to produce viable cybersecurity solutions is key to the NCCoE’s success. The Derived PIV Credentials Practice Guide is another successful example of how these stakeholders engage with the NCCoE to produce solutions to real-world problems such as protecting IT systems through implementation of secure authentication standards.