Intercede announces new guide to mobile device authentication for federal agencies
Intercede has announced the launch of a cybersecurity guidance resource for federal agencies required to authenticate individuals through mobile devices for access to information systems and applications. The resource is the result of a two-year collaboration with the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE).
The second draft of NIST Special Publication (SP) 1800-12, Derived Personal Identity Verification (PIV) Credentials outlines practical, interoperable security approaches, created in collaboration with Intercede and other vendors. Intercede’s contribution includes reference software and technical consultancy.
“Federal government has always had a strong desire to mobilize its workforce. However, until now it has been blocked by numerous technical and operational challenges,” says Intercede CTO Chris Edwards. “Intercede has developed the technology to significantly improve mission-critical systems, but without clear, independent recommendations for deployment, the uptake has and will continue to be slow. Multi-factor authentication urgently needs to become the de facto standard for government security. This is why Intercede has collaborated with the NCCoE in the architectures documented in the practice guide that will vastly improve cybersecurity for federal agencies, with derived PIV credentials for mobile devices at the core.”
The White House Office of Management and Budget found in a recent report that nearly three quarters of the 96 federal agencies it assessed are “at risk” or “high risk” of cyberattack, and Intercede cites a recent survey that found more than 60 percent of federal agencies have experienced a security incident involving a mobile device. The new practice guide is intended to help federal agencies and other organizations reduce risk and cost associated with implementing unnecessary or additional technologies, while ensuring compliance with federal directives.
“Collaborating with stakeholders such as federal agencies, businesses, technology providers, and integrators to produce viable cybersecurity solutions is key to the NCCoE’s success,” comments computer scientist and NCCoE’s Derived PIV Credentials Project team project lead Bill Newhouse. “The Derived PIV Credentials Practice Guide is another successful example of how these stakeholders engage with the NCCoE to produce solutions to real-world problems such as protecting IT systems through implementation of secure authentication standards.”
The draft is available for download from the NCCoE website.