U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Other (Initial Public Draft)

Best Practices for Privileged User PIV Authentication

Date Published: February 5, 2016
Comments Due: March 4, 2016 (public comment period is CLOSED)
Email Questions to: csip-pivforprivilege @nist.gov

Author(s)

National Institute of Standards and Technology, National Institute of Standards and Technology

Announcement

This draft white paper is a best practices guide. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requiring Federal agencies to use Personal Identity Verification (PIV) credentials for authenticating privileged users. The paper outlines the risks of password-based single-factor authentication, explains the need for multi-factor PIV-based user and provides best practices for agencies to implementing PIV authentication for privileged users.

Abstract

Keywords

authentication; Cybersecurity Strategy and Implementation Plan (CSIP); Derived PIV ; Credential; identification; multi-factor authentication; Personal Identity Verification (PIV); PIV ; Card; privileged access; privileged user
Control Families

Access Control; Identification and Authentication; System and Communications Protection

Documentation

Publication:
Draft White Paper (pdf)

Supplemental Material:
None available

Document History:
02/05/16: Other (Draft)
04/21/16: CSWP 4 (Final)