Page 45 - Cyber Warnings
P. 45
• Authenticate with an access control system that utilizes the same tool within well-defined
standards—ensuring the solution will work with a myriad of technologies, from
mainstream workstation and server operating systems to door readers and management
systems that leverage cryptographic standards
4) Highest Assurance Level. The federal government has established policy setting forth
specific identity assurance standards for various levels of trust associated with different
credential types referred to as “Assurance Level.”
This federal policy identifies four levels of identity assurance with level one being the lowest and
level four representing the highest. PIV-I credentials are considered Level of Assurance Four
(LOA4) because they meet the requirements of in-person identity proofing, hardware-based
digital certificate storage and secure issuance policy ensuring the appropriate person receives
the correct credential.
No matter what role the individual may play within the federal-nonfederal CUI paradigm, using a
PIV-I credential reinforces the security-aware mindset that is so important to ensure data and
the access to it remain secure.
5) A Mobile Credential. PIV-I can be utilized as a “derived credential,” which is carried on a
mobile device instead of a card. This option provides a cost-effective alternative to adding smart
card readers to mobile devices or replacing machines that don’t support the form factor. A
mobile device also improves productivity by accommodating employees who travel often and
rely on smartphones and computers to accomplish work tasks.
6) Simplified Access Management. Through PIV-I, system administrators can check the
status of any credential within their network, significantly reducing the lag time involved with
identifying and refusing a compromised credential.
Is Your Organization Ready?
As witnessed by the fallout of the recent Yahoo hack, the price of a major breach can be
immense. The clock is ticking toward the December 31, 2017 deadline for affected DoD
contractors to come into compliance with NIST SP 800-171.
The time to act is now; no other identity authentication paradigm has the requisite strength in its
credentialing process to match PIV-I for organizations contracting with the federal government.
45 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
