Working with NIST and Microsoft to Advance Secure Credential Management on Mobile Devices

The multiple security breaches that have rocked the foundation of the U.S. Government prove that multi-factor authentication needs to be implemented as a universal standard. The next big challenge in a proactive approach to cybersecurity is mobile devices.

For the past few months, we’ve had the pleasure of working alongside the National Institute of Standards and Technology (NIST) and Microsoft to co-author a report that promotes the use of Derived Personal Identity Verification (PIV) Credentials for multi-factor mobile authentication.

NIST, a non-regulatory agency of the United States Department of Commerce, invited us to apply our technical knowledge and real-world examples to their Inter-Agency Report 8055 – a compilation of proof of concept research into Derived PIV Credentials.

We were able to demonstrate, through the application of MyID, that the specific requirements for Credential Management Systems mapped out by NIST in their Special Publication 800-157, can be met.

The intended audience for the report is cybersecurity experts who have a responsibility to implement NIST standards and develop broad-based cybersecurity programs. A public comments period on the report is now open until August 24, 2015.

Working with NIST to develop this proof of concept document validates that the technology already exists to vastly improve both cyber and mobile security for governments, companies and individuals. And for those building a cybersecurity approach that incorporates mobile devices – derived credentials allows them to do just that.

*NIST does not explicitly endorse or recommend any company or products in their reports but seek to leverage industry insights and a pedigree of security leadership expertise.