Unified Credential Management in Federal Government
This white paper, written by Chris Edwards, Chief Technical Officer at Intercede, focuses on the US Federal Government, with emphasis on the PIV program and the impending expansion to embrace new form factors and protocols.
The paper looks at the recent OMB memorandum (OMB-19-17), PKI and asymmetric cryptography using FIDO, describes the historical context and explains what new problems we need to solve. It assesses the competing and complementary technologies that are available now (or in the near future) to address these challenges.
It outlines the human factors and extended business processes that will be needed to manage an expanded set of authentication devices and then proposes solution components to achieve this.
Finally, this discourse concludes with a call to action, to bring federal credentials under strong management at the earliest opportunity, before agencies lose effective control over their expanding credential real-estate.