New NIST guidance for mobile identity

The latest guidelines from NIST and NCCoE describe best practices to help you extend the security of PIV smart cards onto more convenient mobile phones and tablets.

Over the past several months, Intercede has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a cybersecurity project for the federal sector.  

The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address government and businesses’ most pressing cybersecurity challenges. I’m excited to share that the NCCoE has just released a second draft practice guide titled NIST SP 1800-12, Derived Personal Identity Verification (PIV) Credentials.   

The guide explores methods that federal and commercial organizations can use to extend the identity proofing and authentication associated with PIV Cards to mobile devices. The guide also maps security characteristics to standards, guidance, and best practices from NIST, including the Homeland Security Presidential Directive-12 and related Federal Information Processing Standard 201 specifications.

The draft is available for download on the NCCoE website. Please share your thoughts with the NCCoE on this step-by-step guide to help make it better. The comment period is now open and will close on October 1, 2018.

With our market-leading PIV credential management product, Intercede are pleased to be able to offer MyID for derived credentials as either a cloud or on-premise solution to federal agencies and related industries.

You can find more about our derived credential solutions here.

Chris Edwards
CTO
Intercede