Mobility

NIST releases new guidelines for deploying PIV credentials to mobile devices

iPhone 5

The National Institute for Standards and Technology has released new guidelines for public comment regarding Derived Personal Identity Verification credentials.

The draft Special Publication (SP) 800-157, released March 7, defines technical specifications for implementing and deploying Derived PIV credentials to smartphones, tablets, iPads and other mobile devices.

The draft guidelines are essentially the government’s response to the challenges encountered in authenticating mobile devices.

While the Federal Information Processing Standard 201 developed in the mid-2000s created a common set of credentials that is used government-wide, mobile devices don’t have integrated smart card readers to provide the same kind of authentication. Some agencies use a combination of a PIV card and separate card readers for mobile device authentication, and others might use near field communication to read PIV cards from NFC-enabled mobile devices.

SP 800-157 addresses the latter option, in which a derived token is deployed directly on an agency-issued mobile device.

“SP 800-157 does not address use of the PIV Card with mobile devices, but instead provides an alternative to the PIV Card in cases in which it would be impractical to use the PIV Card,” the guidelines state. “Instead of the PIV Card, SP 800-157 provides an alternative token, which can be implemented and deployed directly on mobile devices (such as smart phones and tablets).” This is the  “derived PIV credential.” NIST said the “use of a different type of token greatly improves the usability of electronic authentication from mobile devices to remote IT resources.”

The derived credential is viewed by many as an important milestone in government in terms of maximizing the effectiveness of mobile technology, and NIST guidance combined with industry feedback will play a key role in its creation and potentially in shaping future mobile polices.

“Even though we’ve been patiently waiting for the NIST document, that is only one step that needs to occur for derived credential,” said Mark Norton, a senior engineer at the Defense Department. Norton was one of several panelists who spoke at the Federal Mobile Computing Summit on March 7 in Washington.

“There are many things that need to fall into place,” Norton added.

The public comment period runs through April 21. 

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.