United States Government Agencies are required by Homeland Security Presidential Directive 12 (HSPD-12) to utilize Personal Identity Verification (PIV) cards to authenticate employees to official information systems. During a global pandemic or in other scenarios where authorized users do not have access to government furnished equipment (GFE) or cannot utilize a PIV card, using other strong authentication mechanisms becomes necessary and unavoidable.
U.S. Government Agencies and their partners who want to integrate secure alternatives to PIV-based authentication need to support authorized users who will be employing personally owned or partner-owned devices, such as smart phones and home or non-government office computers, to access government or partner information systems containing sensitive information. By using the objective criteria in this guidance, government organizations can make better informed decisions about which multi-factor solutions meet their particular needs. And by following the practical guidelines, users can reduce their risk exposure and become harder targets for malicious threat actors.