Mobility

NIST releases new guidelines for deploying PIV credentials to mobile devices

iPhone 5

The National Institute for Standards and Technology has released new guidelines for public comment regarding Derived Personal Identity Verification credentials.

The draft Special Publication (SP) 800-157, released March 7, defines technical specifications for implementing and deploying Derived PIV credentials to smartphones, tablets, iPads and other mobile devices.

The draft guidelines are essentially the government’s response to the challenges encountered in authenticating mobile devices.

While the Federal Information Processing Standard 201 developed in the mid-2000s created a common set of credentials that is used government-wide, mobile devices don’t have integrated smart card readers to provide the same kind of authentication. Some agencies use a combination of a PIV card and separate card readers for mobile device authentication, and others might use near field communication to read PIV cards from NFC-enabled mobile devices.

SP 800-157 addresses the latter option, in which a derived token is deployed directly on an agency-issued mobile device.

“SP 800-157 does not address use of the PIV Card with mobile devices, but instead provides an alternative to the PIV Card in cases in which it would be impractical to use the PIV Card,” the guidelines state. “Instead of the PIV Card, SP 800-157 provides an alternative token, which can be implemented and deployed directly on mobile devices (such as smart phones and tablets).” This is the  “derived PIV credential.” NIST said the “use of a different type of token greatly improves the usability of electronic authentication from mobile devices to remote IT resources.”

The derived credential is viewed by many as an important milestone in government in terms of maximizing the effectiveness of mobile technology, and NIST guidance combined with industry feedback will play a key role in its creation and potentially in shaping future mobile polices.

“Even though we’ve been patiently waiting for the NIST document, that is only one step that needs to occur for derived credential,” said Mark Norton, a senior engineer at the Defense Department. Norton was one of several panelists who spoke at the Federal Mobile Computing Summit on March 7 in Washington.

“There are many things that need to fall into place,” Norton added.

The public comment period runs through April 21. 

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.