News Room Media Inquiry
Ability to issue derived PIV credentials on YubiKeys supports the recent U.S. Cybersecurity Executive Order
Minneapolis, MN and Palo Alto, CA. – (June 17, 2021) – Entrust, a leading provider of trusted identities, payments and data protection, today announced a partnership with Yubico, the leading provider of hardware authentication security keys, allowing U.S. federal agencies to issue YubiKey 5 Series and YubiKey 5 FIPS Series with Entrust derived PIV (Personal Identity Verification) credentials to employees instantly, remotely and at scale.
“The recent U.S. Executive Order on improving the Nation’s Cybersecurity mandated that within 180 days, federal government agencies adopt multifactor authentication and encryption for data at rest and in transit,” stated James LaPalme, VP and GM of the Entrust Identity segment. “Leveraging our PKI technology to add PIV-D credentials to Yubico’s industry leading YubiKey solution will help make it easy for these departments to comply.”
Established on FIPs 201-2, the U.S. federal government’s PIV program requires smart card-based authentication for employees to be able to access government computers and networks. However, PIV cards on their own present many operational inefficiencies, including requiring a specific card reader for mobile devices and many desktops and laptops. Additionally, PIV cards are difficult to issue and manage with today’s distributed workforce.
"The ability to issue derived PIV credentials from a credential management system directly to an alternative hardware token is a real game changer, providing strong security without the logistical challenges presented by physical PIV card issuance," said Suresh Kewalramani, Security Engineer, Department of Justice, Identity, Credential, and Access Management Services.
Derived PIV credentials (PIV-D) on a YubiKey eliminate the need for a physical smart card to comply with this mandate. Entrust is an acknowledged leader in digital credentials for the U.S. federal market, issuing civilian agency credentials and data protection solutions that help secure the data, encryption keys and secrets of many U.S. agencies. Customers can take advantage of YubiKeys with derived PIV credentials, which are based on NIST 800-157 using the Entrust Managed PKI solution. Additionally, this functionality is included with Entrust Identity Enterprise, which joins Identity as a Service and Identity Essentials as part of the “Works with YubiKey” program.
“Derived PIV credentials work well with mobile devices, are easy to issue and manage remotely, do not require a specific card reader and remove many of the other challenges presented by physical smart cards,” said Jeff Frederick, Manager, Solutions Engineering, Yubico. “As such, we are extremely pleased to work with Entrust, the recognized leader in the provision of PIV credentials, to make derived PIV credential issuance available with YubiKeys.”
Jeremy Grant, Venable’s Managing Director of Technology and architect of the National Strategy for Trusted Identities in Cyberspace (NSTIC) program, sees this solution as enabling today’s workforce, “PIV was defined at a time when there was a defined network perimeter that could be effectively secured, and government employees largely worked in office environments. Fast forward to 2021, and we require the strength of PIV credentials more than ever, but the world of work has changed. Government employees need secure anytime access from anywhere on any device. This derived PIV credential solution enables this secure mobile workforce.”
To learn more about Entrust derived PIV credential issuance with YubiKeys read our blog and sign up for our upcoming webinar, Strong Authentication for U.S. Government Employees, on July 28 at 8 am PST / 10 am CDT.
About Entrust Corporation
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us. For more information, visit www.entrust.com.
About Yubico
Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts. The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers. The company’s technology is deployed and loved by 9 of the top 10 technology companies, 4 of the top 10 U.S. banks, 2 of the top 3 global retailers, and by millions of users in more than 160 countries. Yubico is also a leading contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor open authentication standards. Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com.