Principal ICAM Emerging Technology Engineer, MITRE Corporation
Beyond PIV and CAC: Modern Authentication for the US Government
United States Government Agencies are required to use either Common Access Card (CAC) or Personal Identity Verification (PIV) cards to authenticate employees to official information systems. During a global pandemic or in other scenarios where authorized users do not have access to government furnished equipment (GFE) or cannot utilize a CAC or PIV card, using alternative strong authentication mechanisms becomes necessary. The Federal Government has issued guidance regarding permitted issuance of alternative authenticator.
This presentation will explore the requirements for a CAC or PIV alternative MFA solution to meet the Government’s needs. We will also examine the various use cases that the new MFA solutions needed to solve. We will delve into the implementation process the Agencies went through to successfully deploy FIDO2 and WebAuthn and will conclude with lessons learned.