Abstract:
Reliable identification of Federal employees and contractors requires use of a smart card known as a Personal Identity Verification (PIV) card. Unlike traditional use cases involving physical access to a facility or logical access to a laptop or desktop computer, using a smart card with a smartphone or other small, mobile device poses significant cost, deployment and ergonomic challenges. This is especially true for emergency response use cases that require rapid deployment of inter-agency secure communications. Various agencies within the US Federal government plan to address these challenges with the concept of the "derived credential" introduced in the draft FIPS 201-2 document from August 2013. In this paper we look at the security requirements for several use cases where derived credentials could apply. Situations involving derived versus non-derived credentials are compared and their security properties are noted. Next, various methods of securing derived credentials on a device are analyzed: methods using a Trusted Execution Environment (TEE), a secure/smart SD card, and a Universal Integrated Circuit Card (UICC) are compared. A novel secure element, known as the CRYPTR-micro, is introduced and its properties are described. Various policy issues that must be solved when moving to derived credentials are discussed. Finally, areas for future work are noted and expectations for future standardization efforts are discussed.
Published in: 2014 IEEE Military Communications Conference
Date of Conference: 06-08 October 2014
Date Added to IEEE Xplore: 20 November 2014
Electronic ISBN: 978-1-4799-6770-4