Maintaining security while accommodating a more mobile workforce has been a challenge for the federal government.
That’s why the National Institute of Standards and Technology on Thursday issued updated security standards to address the new security challenges a technologically advanced and mobile-driven environment pose.
The updated “Federal Information Processing Standard 201-2 Personal Identity Verification of Federal Employees and Contractors” requires stronger authentication credentials and includes lessons learned from federal agencies and more support for mobile devices, according to the NIST site.
FIPS 201-2 boosts security for PIV cards, which grant federal employees and contractors access to government facilities and computer systems.
Hildegard Ferraiolo, a NIST computer scientist and co-author of the document, hopes the new standard will allow for a little more flexibility and for more credentials to be issued.
“The new standard will keep up to date with technology, and be more secure and interoperable across government,” she told FedScoop.
New FIPS 201-2 standards include a credential option for use in mobile devices for increased security. The standard also calls for more biometric security measures, including an on-card fingerprint comparison and on-card iris template. Both biometric measures are optional and depend on the level of security each agency or department wants.
The standard will also make it substantially easier to remotely update a PIV card. With the original FIPS 201 document from 2005, all PIV cards were required to have an integrated circuit chip that stored electronic credentials and biometric data such as fingerprints or photos.
“Offering a strong credential provides better identity assurance as to who you are,” Ferraiolo explained. “The standard can be updated every five years, if needed, and agencies wanted to incorporate their years of experience in a fresher revision.”
The standard is effective immediately. All agencies are expected to issue new PIV cards with the mandatory features required by the standard within the year.