The IT Law Wiki

Two-factor authentication using HSPD-12

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Two-factor authentication using HSPD-12 is

two-factor authentication based on standard technologies through the use of Personal Identity Verification (PIV) cards. The PIV cards must be compliant with Homeland Security Presidential Directive 12 (HSPD-12) which mandates a Federal standard for secure and reliable forms of identification.[1]

Overview Edit

When Federal agencies use cloud services where authentication, encryption, and digital signatures services are provided, they are required to use two-factor authentication using HSPD-12. Two-factor authentication to gain access to a CSP environment using HSPD-12 provides various benefits that add heightened security to [U.S. federal] agency use of cloud services. These benefits include (but are not limited to):

When two-factor authentication is needed for cloud services, agencies are advised to include contract language requiring CSPs to use HSPD-12 compliant PIV cards. Such language would supplement the existing FAR requirements related to using the PIV card for contractor access.

References Edit

  1. Creating Effective Cloud Computing Contracts for the Federal Government, Best Practices for Acquiring IT as a Service, at 15-16.

Source Edit

Also on Fandom

Random Wiki