U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Updates 2016

A NIST Draft Whitepaper titled "Best Practices for Privileged User PIV Authentication" is available for public comment.
February 05, 2016

NIST is releasing a new best practices guide for public comment, Best Practices for Privileged User PIV Authentication. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015. The CSIP requires federal agencies to use Personal Identity Verification (PIV) credentials for authenticating privileged users. The paper outlines the risks of password-based single-factor authentication, explains the need for multi-factor PIV-based user and provides best practices for agencies to implementing PIV authentication for privileged users. 
 
The public comment period closes on: March 4, 2016.
Send comments to csip-pivforprivilege@nist.gov with “Comments on PIV Credential for privileged use” in the subject line. 
 
 

Related Topics

Security and Privacy: authentication, Personal Identity Verification

Laws and Regulations: Cybersecurity Strategy and Implementation Plan

Created December 21, 2016, Updated June 22, 2020