Two-factor authentication using HSPD-12 is
“two-factor authentication based on standard technologies through the use of Personal Identity Verification (PIV) cards. The PIV cards must be compliant with Homeland Security Presidential Directive 12 (HSPD-12) which mandates a Federal standard for secure and reliable forms of identification.”
When Federal agencies use cloud services where authentication, encryption, and digital signature services are provided, they are required to use two-factor authentication using HSPD-12. Two-factor authentication to gain access to a CSP environment using HSPD-12 provides various benefits that add heightened security to [U.S. federal] agency use of cloud services. These benefits include (but are not limited to):
- Digital signature, encryption, and archiving of data;
- High trust in identity credentials;
- High confidence in an asserted identity when logging onto government networks from remote locations; and
- Use of a single authentication token for access to CSP environments.
When two-factor authentication is needed for cloud services, agencies are advised to include contract language requiring CSPs to use HSPD-12 compliant PIV cards. Such language would supplement the existing FAR requirements related to using the PIV card for contractor access.
- Creating Effective Cloud Computing Contracts for the Federal Government, Best Practices for Acquiring IT as a Service, at 15-16.