FIPS 201-2 Provides Biometric Options for Stronger Authentication
New personal identity verification standards issued by the National Institute of Standards and Technology could make it easier for individuals to access sensitive files on secured IT systems from their mobile devices.
NIST says its revised guidance, Federal Information Processing Standards 201-2: Personal Identity Verification of Federal Employees and Contractors, furnishes a stronger authentication credential that combines new technology and incorporates lessons learned from federal agencies.
“Offering a strong credential provides better identity assurance as to who you are,” says Hildegard Ferraiolo, a NIST computer scientist who co-authored the document.
Although NIST guidance is created for federal government agencies, it often is adopted by other governments – in the U.S. and abroad – as well as private-sector organizations.
Listening to Government Agencies
Under FIPS 201-2, mobile devices, such as smart phones and tablets, can be programmed with the revised standards.
Until now, departments and agencies faced limits on how employees could log in to their networks using mobile devices. For instance, mobile devices would need an attached reader to capture the PIV credentials. “Such solutions are not always practical or desired by federal agencies and departments,” Ferraiolo says.
NIST, responding to requests from departments and agencies, developed the new PIV credential to reside on the mobile device, making it easier to authenticate services from mobile devices that access enterprise resources and portals. “The ability to authenticate to enterprise portals via the mobile device increases security,” she says.