Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Monday - Friday, 4-7 p.m.
In Depth with Francis Rose features daily interviews with top government executives and contractors. Listen live from 4 to 7 p.m. or download his archived interviews on our daily show blogs.
NIST adds mobile flavor to revised draft HSPD-12 guidance
Monday - 7/9/2012, 3:09pm EDT
Agencies would create a secure representation of the HSPD-12 credential on a smartphone or tablet computer, which would then communicate with the back end systems giving the employee safe access to the network.
The option for derived credentials along with traditional identity-card security data is one of several changes NIST is proposing under the draft revised Federal Information Processing Standard 201-2. The agency released the first draft of the updated Personal Identity Verification (PIV) guidance in March 2011 and reviewed more than 91 comments to develop the draft update FIPS.
"The revised draft FIPS 201-2 continues to require every cardholder to be issued an ISO/IEC 7810 form factor PIV card, but it introduces the ability to issue PIV derived credentials, which may be provisioned to devices other than an ISO/IEC 7810 form factor," NIST wrote in the response to the comments on derived credentials.
NIST will hold a public workshop July 25 in Gaithersburg, Md., to discuss this and the other revisions.
In addition to the mobile change, NIST is recommending the use of a virtual contact interface for the secure messaging capability. NIST said the use of VCI would let user access all the functionality of the PIV Card.
Comments on draft called for clarification
A dozen commenters asked NIST to clarify the difference between reissuance and renewal of PIV Cards.
NIST said "renewal applies when a valid PIV Card is replaced with a new card and that PIV Card reissuance applies when a new PIV Card is issued to replace a lost, stolen, or damaged card. PIV Card reissuance also applies when a card is replaced because one or more of its logical credentials have been compromised."
The revised FIPS 201-2 comes as agencies are under pressure from the Office of Management and Budget for employees to use the smart identity cards to log onto their computer networks. OMB and the Homeland Security Department issued a memo in February 2011 requiring agencies to use their HSPD-12 cards for logical access for all current systems by fiscal 2012.
The Government Accountability Office reported in September that the agencies they reviewed made limited progress in using the secure ID cards for computer access.
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.