Dec 09, 2015
Derived Credentials for Mobile, a New Endpoint in the Public Sector
Derived credentials are the personal identity verification (PIV) credentials that are derived from a common access card (CAC). They are stored as a soft token on the user's mobile device in order to access critical apps and information.
At Cybercon 2015 everyone was talking to us about derived credentials, a roadblock agencies are facing as they adopt mobile technologies in the public sector. NIST (National Institute of Standards and Technology) has issued a directive that requires PIV and CAC for authentication and access, a security framework that is most easily implemented with buildings, desktops or laptops with convenient card readers. On mobile it is much more difficult to be compliant.
Agencies are moving to implement derived credentials in order to equip people in the field with mobile devices and, even more critically, the mobile apps that allow them to access sensitive information or gather intelligence in real-time.
Reinhard Schumak, VP of Public Sector Solutions, joined me for a discussion about how they work, why they're a hot topic, and a few agency use cases. Listen to this special episode of the Life in the Mobile Enterprise (LiME) podcast to learn more about derived credentials.Download "How to Secure, Deploy, and Manage Mobile Apps in Highly Secure Settings" to learn more about app governance in the public sector. Or contact us to discuss Apperian's mobile app security solutions.
Email feedback to firstname.lastname@example.org