New NCCoE Practice Guide: Derived Personal Identify Verification (PIV) Credentials

We are excited to announce the release of our latest NIST Cybersecurity Special Publication 1800-12: Derived Personal Identify Verification (PIV) Credentials. This NCCoE practice guide is a draft, and we welcome your comments and feedback.

The NCCoE has demonstrated a feasible security platform based on federal PIV standards that use Derived PIV Credentials (DPC) in a manner that meets security policies. This example implementation is documented as a NIST Cybersecurity Practice Guide, a how-to handbook that presents instructions to implement a DPC system with standards-based cybersecurity technology. This practice guide helps organizations to meet authentication standards and provide users access to the information they need using the devices they prefer without having to purchase expensive and cumbersome external smart card readers. Mobile device users are authenticated through secure cryptographic authentication exchanges using a public key infrastructure (PKI) with credentials derived from a PIV card helping to ensure that strict security policies are met.

Although the PIV program and the NCCoE Derived PIV Credentials project are primarily aimed at the federal sector’s needs, both are relevant to mobile device users in the commercial sector using smart card-based credentials or other means of authenticating identity.

The full draft practice guide is also available for download in PDF or web viewing.

We look forward to receiving your comments on this draft guide—the approach, the architecture, and possible alternatives.

Stay informed about updates, send us an email at piv-nccoe@nist.gov.