DoD, federal agencies, state and local governments, and defense contractors often rely on shared workstations, secure terminals, and operational systems that must remain continuously available. However, NIST SP 800-171 requires strict enforcement of user identification, authentication, auditability, and accountability—creating a challenge in environments where multiple users access the same machine.

This white paper explains how PIV-I and CAC card authentication with PIN verification enables organizations to meet these requirements without disrupting mission-critical workflows.

This white paper outlines:

• How to meet NIST 800-171 Identification and Authentication (IA 3.5.x) requirements using PIV-I and CAC cards
• How to enforce strong, phishing-resistant authentication with smart card + PIN on shared machines
• How to achieve Audit and Accountability (AU 3.3.x) with named-user traceability
• How Credenti validates certificates using CRL and OCSP and enforces expiration checks
• How to support CMMC Level 2 readiness with auditable access controls
• A real-world example of PIV-I/CAC authentication and machine unlock workflow

It addresses the core challenge for defense and regulated organizations: maintaining fast, uninterrupted access to shared systems while ensuring every action is tied to a verified individual for compliance, audit readiness, and incident response.

Download the white paper to learn how to implement smart card–based, auditable access for shared workstations while aligning with NIST 800-171 and CMMC requirements—without changing existing workflows.

‍