FEMA mobile derived PIV credential (FEMA)


Practical security for FEMA in the field

Federal Emergency Management Agency employees can now securely access work email, the intranet and other applications remotely by registering their mobile devices and receiving credentials derived from their FEMA-issued personal identity verification cards.

Cybersecurity Finalists

APE: Novel Intrusion Prevention for Android
Department of Homeland Security

Baseline Tailor
National Institute of Standards and Technology, Department of Commerce

Continuous Diagnostics and Mitigation Program

Derived PIV Credentials for Mobile Devices
Federal Emergency Management Agency, DHS

Security Accreditation in the C2S Isolated Cloud Region
Intelligence Community


Click here for the full list of 2017 Dig IT finalists for all categories. And please join us at the Oct. 19 Dig IT Awards gala.

“Authenticating mobile devices with PIV-derived credentials ensures that communications from FEMA mobile devices are genuine, and it allows the mobile devices to securely access the full panoply of FEMA IT resources,” said Adrian Gardner, the agency’s CIO. “In addition, using two-factor authentication makes FEMA far less vulnerable to a breach than just using a username and password.”

FEMA is the first civilian agency to implement this type of derived credential at the enterprise level, Gardner added. He cited three main benefits: freeing FEMA mobile users from complex password requirements to access devices and applications, increasing device and access point security, and reducing the risk of unauthorized access to FEMA data, systems and applications.

Under the system, FEMA mobile device users visit a Department of Homeland Security portal where they use a PIV card to authenticate themselves and request their derived credentials. The credentials are sent to FEMA’s mobile device management server. Users register their agency-issued mobile devices with the server, and in so doing, they install the MDM profile, including the derived credentials, on their mobile devices.

The agency began work on the project two years ago, and the technology went into production in April. FEMA has migrated more than 12,000 of nearly 19,000 users and expects to complete the rollout this month. The first to receive the credentials were about 600 employees in the Disaster Survivor Assistance Cadre who have been responding to the aftermaths of hurricanes Harvey, Irma and Maria.

“The cost to implement PIV-D is estimated to be $2.39 million,” Gardner said. “However, PIV-D has yielded cost avoidances by allowing us to standardize on authentication for each of our users.” As a result, he expects to see a 50 percent return on investment over two years.

About the Author

Stephanie Kanowitz is a freelance writer based in northern Virginia.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected