Skip to main content

Derived credentials are the personal identity verification (PIV) credentials that are derived from a common access card (CAC). They are stored as a soft token on the user's mobile device in order to access critical apps and information.

At Cybercon 2015 everyone was talking to us about derived credentials, a roadblock agencies are facing as they adopt mobile technologies in the public sector. NIST (National Institute of Standards and Technology) has issued a directive that requires PIV and CAC for authentication and access, a security framework that is most easily implemented with buildings, desktops or laptops with convenient card readers. On mobile it is much more difficult to be compliant.

Agencies are moving to implement derived credentials in order to equip people in the field with mobile devices and, even more critically, the mobile apps that allow them to access sensitive information or gather intelligence in real-time.

Reinhard Schumak, VP of Public Sector Solutions, joined me for a discussion about how they work, why they're a hot topic, and a few agency use cases. Listen to this special episode of the Life in the Mobile Enterprise (LiME) podcast to learn more about derived credentials.

Download "How to Secure, Deploy, and Manage Mobile Apps in Highly Secure Settings" to learn more about app governance in the public sector. Or contact us to discuss mobile app security solutions.


Email feedback to

More podcasts

Mar 05, 2018

Podcast: Keep Mobile Projects Alive with the Right Steering Committee

A new episode, Keep Mobile Projects Alive with the Right Steering Committee, is now available on the “
Read more

Mar 05, 2018

Podcast: Welcome to LiME

This week we're introducing a new podcast, "Life in the Mobile Enterprise (LiME)," now available on
Read more

Apr 17, 2017

Inside Arxan's Acquisition of Apperian

In this episode of the Life in the Mobile Enterprise (LiME) podcast, Maribel Lopez, Principal
Read more