The National Institute of Standards and Technology has released the second draft of a handbook that describes how to extend onto mobile devices a federally mandated access security standard originally meant for desktops and laptops, American Security Today reported Thursday.
The revised handbook incorporates feedback from the first draft and features additional sample implementations for the Derived Personal Identity Verification Credentials System, a variant of the PIV system designed in response to a 2004 presidential directive that sought to standardize access security mechanisms in federal agencies.
The original PIV system involved the use of PIV cards, which required card readers typically found in desktop and laptop computers, but not on mobile devices like tablets and smartphones.
The DPC System replaces PIV cards with “tokens,” which can take the form of software, removable components like SD cards, or integrated hardware.
The NIST, which published the handbook in partnership with the National Cybersecurity Center of Excellence and several participating firms, is inviting the public to further improve the document by providing feedback via email.
The agency, which has called on interested parties “to share lessons learned and best practices,” will be accepting comments until Oct. 1.