With the rush to comply with the NIST SP 800-171 multifactor authentication (MFA) requirements, many organizations are hastily implementing technology platforms that end up having to be replaced or changed to meet their longer-term enterprise security needs. For example, they may invest in a product that lets them quickly implement multifactor authentication for a single system, only to find out that the system does not provide the trust required for business-to-government commerce. Thus, when the government informs the organization that they must use a high-assurance credential to access their systems, the organization has to update its platforms to issue PIV-based credentials.
Doing it right the first time, PIV-C
Over the past decade, NIST (the publisher of SP 800-171) has been working to continuously evolve an identification and MFA standard using Chip+PIN-based smart ID cards, known as the Personal Identity Verification (PIV) standard. This PIV standard represents the highest in identity assurance, requiring users to be fully fingerprinted and cleared before they can receive their PIV ID card, and it has revolutionized the way the U.S. Government issues its ID cards.
Through years of evolution and improvement, the PIV standard was also refined for industry in a manner that could allow corporate organizations to leverage the power of PIV for security. This decade of evolution has also had numerous positive market impacts. All major operating systems and remote access platforms now provide out-of-the-box support for PIV cards without the need to buy additional third-party software, allowing organizations to standardize their MFA issuance methods. Furthermore, even the FIDO Alliance, which is the world’s largest ecosystem for standards-based interoperable authentication, supports the PIV specification for its standardization and interoperability. In short, PIV is going to be the standard of the future.
As an organization, there are numerous near-term benefits to selecting PIV-C. Based on our years of experience, we have highlighted the top 6 reasons below:
Standardized = Futureproof: The PIV ID badge internals have been standardized over the past decade to the point that all major operating system vendors support the cards out of the box without additional software.
One issuance, Multiple Uses: The ID badge can also be used for many different purposes, including physical access, message protection via encryption and even electronic document signing. With PIV, an organization can receive so much usage from one investment.
Keep your account information private: Many MFA shared service providers require the organization to share the names and email addresses of their users to implement their MFA solution. With new PIV MFA systems, organizations can now directly install a PIV issuance system in-house within minutes, on their premises or in a secure cloud of their choosing. Along with the evolution of the technical standards, a development in the marketplace has also occurred. It is now easier than ever to set up a PIV-based MFA platform within minutes.
Scale to mobile devices (with the same platform): The ID card can also be used as a seed to install MFA keys on mobile devices. This approach allows an organization to streamline their enrollment process, so the end user just needs to use their ID badge as a means to embed MFA keys on their mobile devices without having to undergo another identity enrollment process. Also, modern operating systems allow users to start using their PIV-based cards for logon almost immediately with no extra software to deploy.
Difficult to hack: The computing chip within the ID card is the key to one of the best security features of the platform: separation. By having a chip that is completely separate from the operating system, all of the attacks that are typically used to steal identification credentials are rendered useless. The ID card’s computing chip has a completely separate security zone that is resistant to brute force attacks and data extraction techniques. This makes the Smart ID card platform the most secure MFA platform. It is so secure that it is trusted by the military.
Easily Extend to PIV-I: With the PIV-C infrastructure in place, organizations can easily upgrade to support the PIV-I MFA model, which enables the U.S. Government and other commercial organizations to trust the organization’s ID badges without the need for a separate issuance system.