Derived PIV Credentials

Download the Practice Guide

The NCCoE has released the final version of NIST Cybersecurity Practice Guide SP 1800-12, Derived PIV Credentials. Use the buttons below to view this publication in its entirety or scroll down for links to a specific section.


Current Status

The NCCoE released a final version of the NIST Cybersecurity Practice Guide SP 1800-12 Derived Personal Identity Verification (PIV) Credentials on August 27, 2019. 

For ease of use, the guide is available in volumes:

  • SP 1800-12a: Executive Summary (PDF) (web page)
  • SP 1800-12b: Approach, Architecture, and Security Characteristics (PDF) (web page)
  • SP 1800-12c: How-To Guides (PDF) (web page)

Or download the complete guide (PDF) (web page).

Read the two-page fact sheet for a brief overview of this project.

If you have questions or suggestions, please email us at piv-nccoe@nist.gov

Summary

In 2005, Personal Identity Verification (PIV) credentialing focused on authentication through traditional computing devices, such as desktops and laptops, where a PIV card provided a common authentication mechanism through integrated smart card readers. Today, the proliferation of mobile devices that lack integrated smart card readers complicates the use of PIV credentials for authentication.

Derived Personal Identity Verification (PIV) Credentials helps organizations authenticate individuals who use mobile devices and need secure access to information systems and applications.

The project demonstrates a feasible security platform, based on federal PIV standards, that leverages the identity-proofing and vetting results of current and valid PIV credentials to enable two-factor authentication to information technology systems via mobile devices while meeting policy guidelines. Although the PIV program and the NCCoE Derived PIV Credentials project are primarily aimed at the federal sector's needs, both are relevant to mobile device users in the commercial sector who use smart card-based credentials or other means of authenticating identity. The platform supports operations in federal (PIV), non-federal critical infrastructure (PIV-interoperable or PIV-I), and general business (PIV-compatible or PIV-C) environments.

The NCCoE reference design includes the following capabilities:

  • authenticate users of mobile devices using secure cryptographic authentication exchanges
  • provide a feasible security platform based on Federal Digital Identity Guidelines
  • utilize a public key infrastructure (PKI) with credentials derived from a PIV card
  • support operations in PIV, PIV-Interoperable (PIV-I), and PIV-Compatible (PIV-C) environments
  • issue PKI-based derived PIV credentials at authenticator assurance level (AAL) 2
  • provide logical access to remote resources hosted either in a data center or the cloud


Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

  • Entrust Datacard
  • Intercede
  • MobileIron
  • Verizon