Date Published: February 5, 2016
Comments Due: March 4, 2016 (public comment period is CLOSED)
Email Questions to:
csip-pivforprivilege @nist.gov
This draft white paper is a best practices guide. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requiring Federal agencies to use Personal Identity Verification (PIV) credentials for authenticating privileged users. The paper outlines the risks of password-based single-factor authentication, explains the need for multi-factor PIV-based user and provides best practices for agencies to implementing PIV authentication for privileged users.
Access Control; Identification and Authentication; System and Communications Protection
Publication:
Draft White Paper (pdf)
Supplemental Material:
None available
Document History:
02/05/16: Other (Draft)
04/21/16: CSWP 4 (Final)
authentication, Personal Identity Verification
Laws and RegulationsCybersecurity Strategy and Implementation Plan, Homeland Security Presidential Directive 12