

Practical security for FEMA in the field

Federal Emergency Management Agency employees can now securely access work email, the intranet and other applications remotely by registering their mobile devices and receiving credentials derived from their FEMA-issued personal identity verification cards.

Cybersecurity Finalists

APE: Novel Intrusion Prevention for Android
Department of Homeland Security

Baseline Tailor
National Institute of Standards and Technology, Department of Commerce

Continuous Diagnostics and Mitigation Program

Derived PIV Credentials for Mobile Devices
Federal Emergency Management Agency, DHS

Security Accreditation in the C2S Isolated Cloud Region
Intelligence Community


Click here for the full list of 2017 Dig IT finalists for all categories. And please join us at the Oct. 19 Dig IT Awards gala.

“Authenticating mobile devices with PIV-derived credentials ensures that communications from FEMA mobile devices are genuine, and it allows the mobile devices to securely access the full panoply of FEMA IT resources,” said Adrian Gardner, the agency’s CIO. “In addition, using two-factor authentication makes FEMA far less vulnerable to a breach than just using a username and password.”

FEMA is the first civilian agency to implement this type of derived credential at the enterprise level, Gardner added. He cited three main benefits: freeing FEMA mobile users from complex password requirements to access devices and applications, increasing device and access point security, and reducing the risk of unauthorized access to FEMA data, systems and applications.

Under the system, FEMA mobile device users visit a Department of Homeland Security portal where they use a PIV card to authenticate themselves and request their derived credentials. The credentials are sent to FEMA’s mobile device management server. Users register their agency-issued mobile devices with the server, and in so doing, they install the MDM profile, including the derived credentials, on their mobile devices.

The agency began work on the project two years ago, and the technology went into production in April. FEMA has migrated more than 12,000 of nearly 19,000 users and expects to complete the rollout this month. The first to receive the credentials were about 600 employees in the Disaster Survivor Assistance Cadre who have been responding to the aftermaths of hurricanes Harvey, Irma and Maria.

“The cost to implement PIV-D is estimated to be $2.39 million,” Gardner said. “However, PIV-D has yielded cost avoidances by allowing us to standardize on authentication for each of our users.” As a result, he expects to see a 50 percent return on investment over two years.

About the Author

Stephanie Kanowitz is a freelance writer based in northern Virginia.

