Derived credentials will let feds use smartphones for ID
August 29, 2016
Government agencies will soon be able to replace the familiar Personal Identity Verification card with a smartphone equipped with a secure chip, two vendors say.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The National Institute of Standards and Technology is seeking public comment on a proposed update to its document on securing mobile devices, Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Revision 1).
According to NIST, the revised guidance recommends using software technology that centralizes device management at the organization level to secure both agency-issued and personally owned devices used for government business.
The new NIST guidelines offer recommendations for selecting, implementing and using centralized management technologies for securing mobile devices.
"Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats," said document co-author and NIST guest researcher Karen Scarfone.
The draft also recommends developing system threat models for mobile devices and those resources accessed through them, instituting a mobile device security policy, implementing and testing a prototype of the mobile device solution before putting it into production, securing each organization-issued mobile device before allowing a user to access it and maintaining mobile device security regularly, the agency said.
The document does not discuss laptops because security controls are different for those than smart phones and tablets. Basic cell phones are also not covered.