Federal agencies have new guidance on how to control their networks, and maintain knowledge of who everyone on the network is who they say they are. The end result could be the end of security cards as we know them in the federal government. Sarbari Gupta, President & CEO of Electrosoft, says that one of the easiest ways to bolster this security is to reuse credentials.
“Right now today, each agency will issue their own credentials. Especially for contractors if they work for multiple agencies, they’ll get as many PIV credentials. It seems like a terrible waste of money and time. However, that’s how it is working today,” Gupta said. “With this memo, there’s a lot more focus on agencies trying to reuse credentials that has been issued by another agency.”
Jeremy Grant, managing director of technology business strategy at Venable, says that current methods of security at agencies are outdated, and they may start piloting new technologies soon.
“On the enterprise side, one area that I know a lot of agencies I’ve talked to are quite interested in are alternative approaches to authentication,” Grant said. “We have been tied to smart cards, PKI certificates for 10-15 years now. The market has really evolved. Like the FIDO standards that are being embedded in every device from Microsoft and Google and running those operational systems. This gives agencies additional flexibilities to use different kinds of authentication that still align with NIST guidance on authentication. You will see pilots there where, maybe for mobile devices, they will look to shake things up little bit.”