CYBERSECURITY
Category Winner
Practical security for FEMA
in the field
Derived PIV Credentials for Mobile Devices
Federal Emergency Management Agency, Department of Homeland Security
F ederal Emergency Management Agency employees can now
securely access work email, the intranet and other applications remotely by registering their mobile devices and receiving credentials derived from their FEMA-issued personal identity verifica- tion cards.
“Authenticating mobile devices with PIV-derived credentials ensures that com- munications from FEMA mobile devices are genuine, and it allows the mobile devices to securely access the full panoply of FEMA IT resources,” said Adrian Gard- ner, the agency’s CIO. “In addition, using two-factor authentication makes FEMA far less vulnerable to a breach than just using a username and password.”
FEMA is the first civilian agency to implement this type of derived credential at the enterprise level, Gardner added. He cited three main benefits: freeing FEMA mobile users from complex password requirements to access devices and appli- cations, increasing device and access point security, and reducing the risk of unau- thorized access to FEMA data, systems and applications.
Under the system, FEMA mobile device
users visit a Department of Homeland Se- curity portal where they use a PIV card to authenticate themselves and request their derived credentials. The credentials are sent to FEMA’s mobile device manage- ment server. Users register their agency- issued mobile devices with the server, and in so doing, they install the MDM profile, including the derived credentials, on their
mobile devices.
The agency began work on the project
two years ago, and the technology went into production in April. FEMA has mi- grated more than 12,000 of nearly 19,000 users and expects to complete the rollout this month. The first to receive the cre- dentials were about 600 employees in the Disaster Survivor Assistance Cadre who
34 GCN OCTOBER/NOVEMBER 2017 • GCN.COM
FEMA
PHOTO CREDIT HERE