Date Published: February 5, 2016
Comments Due:
Email Questions to:
Author(s)
National Institute of Standards and Technology, National Institute of Standards and Technology
Announcement
This draft white paper is a best practices guide. The paper is in response to the Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requiring Federal agencies to use Personal Identity Verification (PIV) credentials for authenticating privileged users. The paper outlines the risks of password-based single-factor authentication, explains the need for multi-factor PIV-based user and provides best practices for agencies to implementing PIV authentication for privileged users.
The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that Federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users. This will greatly reduce unauthorized access to privileged accounts by attackers impersonating system, network, security, and database administrators, as well as other information technology (IT) personnel with administrative privileges. This white paper further explains the need for multifactor PIV-based user authentication to take the place of password-based single-factor authentication for privileged users. It also provides best practices for agencies implementing PIV authentication for privileged users.
The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that Federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users. This will greatly reduce unauthorized access...
See full abstract
The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that Federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users. This will greatly reduce unauthorized access to privileged accounts by attackers impersonating system, network, security, and database administrators, as well as other information technology (IT) personnel with administrative privileges. This white paper further explains the need for multifactor PIV-based user authentication to take the place of password-based single-factor authentication for privileged users. It also provides best practices for agencies implementing PIV authentication for privileged users.
Hide full abstract
Keywords
authentication; Cybersecurity Strategy and Implementation Plan (CSIP); Derived PIV ; Credential; identification; multi-factor authentication; Personal Identity Verification (PIV); PIV ; Card; privileged access; privileged user
Control Families
Access Control; Identification and Authentication; System and Communications Protection
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
