Entrust partners with Yubico to issue PIV credentials on YubiKeys for U.S. government employees
Entrust announced a partnership with Yubico allowing U.S. federal agencies to issue YubiKey 5 Series and YubiKey 5 FIPS Series with Entrust derived PIV (Personal Identity Verification) credentials to employees instantly, remotely and at scale.
“The recent U.S. Executive Order on improving the Nation’s Cybersecurity mandated that within 180 days, federal government agencies adopt multifactor authentication and encryption for data at rest and in transit,” stated James LaPalme, VP and GM of the Entrust Identity segment. “Leveraging our PKI technology to add PIV-D credentials to Yubico’s industry leading YubiKey solution will help make it easy for these departments to comply.”
Established on FIPs 201-2, the U.S. federal government’s PIV program requires smart card-based authentication for employees to be able to access government computers and networks. However, PIV cards on their own present many operational inefficiencies, including requiring a specific card reader for mobile devices and many desktops and laptops. Additionally, PIV cards are difficult to issue and manage with today’s distributed workforce.
“The ability to issue derived PIV credentials from a credential management system directly to an alternative hardware token is a real game changer, providing strong security without the logistical challenges presented by physical PIV card issuance,” said Suresh Kewalramani, Security Engineer, Department of Justice, Identity, Credential, and Access Management Services.
Derived PIV credentials (PIV-D) on a YubiKey eliminate the need for a physical smart card to comply with this mandate. Entrust is an acknowledged leader in digital credentials for the U.S. federal market, issuing civilian agency credentials and data protection solutions that help secure the data, encryption keys and secrets of many U.S. agencies.
Customers can take advantage of YubiKeys with derived PIV credentials, which are based on NIST 800-157 using the Entrust Managed PKI solution. Additionally, this functionality is included with Entrust Identity Enterprise, which joins Identity as a Service and Identity Essentials as part of the “Works with YubiKey” program.
“Derived PIV credentials work well with mobile devices, are easy to issue and manage remotely, do not require a specific card reader and remove many of the other challenges presented by physical smart cards,” said Jeff Frederick, Manager, Solutions Engineering, Yubico. “As such, we are extremely pleased to work with Entrust, the recognized leader in the provision of PIV credentials, to make derived PIV credential issuance available with YubiKeys.”
Jeremy Grant, Venable’s Managing Director of Technology and architect of the National Strategy for Trusted Identities in Cyberspace (NSTIC) program, sees this solution as enabling today’s workforce, “PIV was defined at a time when there was a defined network perimeter that could be effectively secured, and government employees largely worked in office environments. Fast forward to 2021, and we require the strength of PIV credentials more than ever, but the world of work has changed. Government employees need secure anytime access from anywhere on any device. This derived PIV credential solution enables this secure mobile workforce.”