Description |
1 online resource (241 pages) : color illustrations |
|
text txt rdacontent |
|
computer c rdamedia |
|
online resource cr rdacarrier |
Series |
NIST special publication ; 1800-12 |
|
NIST special publication ; 1800-12.
|
Note |
"August 2019." |
Bibliography |
Includes bibliographical references. |
Contents |
volume A. Executive summary -- volume B. Approach, architecture, and security characteristics -- volume C. How-to guides. |
Summary |
Federal Information Processing Standards (FIPS) Publication 201-2, 'Personal Identity Verification (PIV) of Federal Employees and Contractors, ' establishes a standard for a PIV system based on secure and reliable forms of identity credentials issued by the federal government to its employees and contractors. These credentials are intended to authenticate individuals to federally controlled facilities, information systems, and applications as part of access management. With the emergence of computing devices, such as tablets, hybrid computers, and, in particular, mobile devices, the use of Personal Identity Verification (PIV) Cards has proved to be challenging. To extend the value of PIV systems into mobile devices that do not have PIV Card readers, NIST developed technical guidelines on the implementation and life cycle of identity credentials that are issued by federal departments and agencies to individuals who possess and prove control over a valid PIV Card. These NIST guidelines, published in 2014, describe Derived PIV Credentials (DPCs) that leverage identity proofing and vetting results of current and valid PIV credentials. To demonstrate the DPC guidelines, the NCCoE at NIST built two security architectures by using commercial technology to enable the issuance of a Derived PIV Credential to mobile devices that use Federal Identity Credentialing and Access Management shared services. One option uses a software-only solution while the other leverages hardware built into many computing devices used today. This project resulted in a freely available NIST Cybersecurity Practice Guide that demonstrates how an organization can continue to provide multifactor authentication for users with a mobile device that leverages the strengths of the PIV standard. Although this project is aimed primarily at the federal sector's needs, it is also relevant to mobile device users with smart- card-based credentials in the private sector. |
Note |
Online resource; title from PDF title page (viewed August 27, 2019). |
Subject |
Computer security.
|
|
Smart cards.
|
|
Computer security. (OCoLC)fst00872484
|
|
Smart cards. (OCoLC)fst01121546
|
Indexed Term |
Derived PIV Credential (DPC) |
|
Enterprise Mobility Management (EMM) |
|
Mobile devices |
|
Mobile threats |
|
Multifactor authentication |
|
Personal identity verification (PIV) |
|
PIV card |
Added Author |
National Cybersecurity Center of Excellence (U.S.), issuing body.
|
Gpo Item No. |
0247 (online) |
Sudoc No. |
C 13.10:1800-12 |
|