NCCoE Releases Final Practice Guide on Derived PIV Credentials

The National Cybersecurity Center of Excellence (NCCoE) is pleased to announce that the final version of the National Institute of Standards and Technology (NIST) Special Publication (SP) 1800-12, Derived Personal Identity Verification (PIV) Credentials, is now available.

What is a Derived PIV Credential?

The federal government relies on PIV cards to securely authenticate and identify employees and contractors when granting access to federal facilities and information systems. While PIV card access works well on desktop computers and some laptops, it can be tricky, or just plain cumbersome to access federal resources from a mobile phone or tablet using a PIV card.

A Derived PIV Credential leverages identity proofing and vetting results of current and valid credentials used in government-issued PIV cards by enabling secure storage of an equivalent credential on devices that don’t have PIV card readers.

Reduce Your Learning Curve to Implement Derived PIV Credentials and Improve Workplace Productivity

The NCCoE guide demonstrates, step-by-step, how organizations can use standards-based, commercially available technologies—following the guidelines in NIST SP 800-157, Guidelines for Derived Personal Identity Verification Credentials—to enable access to information systems and websites from mobile devices that lack PIV card readers. Using the guide, agencies will be able to leverage mobile devices in ways that offer greater flexibility for users and potentially enable higher levels of employee productivity and satisfaction.

The final practice guide, which incorporates comments from the public and other stakeholders, is available for download in PDF or web viewing.