Author Archives: TIG

Making Privacy Concrete (Three Words Not Usually Found Together)

Most in the IT space won’t know this, but NIST has one of the world’s best concrete engineering programs. Maybe we just have concrete on the mind since a couple of us in the office are doing house renovations, but with today’s publication of the NIST Internal Report 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems (NISTIR 8062), we are taking a page from the concrete folks’ book with a document that we believe hardens the way we treat privacy, moving us one step closer to making privacy more science than art. NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems.

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

Back in January, NIST’s Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication.

Coffee Chat with Michael Kaiser, Executive Director, National Cyber Security Alliance

To get to the core of multi-factor authentication (MFA) and why it’s such an important security feature, we caught up with Michael Kaiser, the Executive Director of the National Cyber Security Alliance (NCSA). Mr. Kaiser graciously sat down with us for our inaugural coffee chat – a new series on the NSTIC Notes Blog. In this series, we’ll hear from various leaders in the identity community as they share unique perspectives—in their own words—on essential identity topics. See our questions and his answers, below.

Back to Basics: What’s multi-factor authentication – and why should I care?

Here’s the traditional, not so secure way to log in to your bank account: enter your username and that familiar password you probably use for most of your online accounts. Then, you’re in. You can go about your business.

Not so fast! If you’re one of the 54% of consumers who, according to TeleSign, use five or fewer passwords for all of their accounts, you could create a “domino effect” that allows hackers to take down multiple accounts just by cracking one password. The good news? There’s an easy way to better protect your accounts (which contain a lot of personal information) with multi-factor authentication (MFA).

A previously unknown vulnerability.

This has gone on long enough. In 2004, Bill Gates predicted the demise of the password: “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

The first known computer password heist occurred 54 years ago and the situation is arguably worse than it was in 1962. The 2015 Verizon Data Breach Report estimated 700 million compromised records in 2014 with a $400 million estimated financial impact. According to Verizon’s Data Breach Digest, 80% of breaches involve exploitation of stolen, weak, default, or easily guessable passwords.

NIST civic hacking day challenge sparks the creation of an innovative new API

Multi-factor authentication (MFA) is near and dear to our hearts at NSTIC. We understand how important it is to the security and privacy of online transactions and we get excited about any opportunity to increase the awareness of—and encourage the adoption of—MFA. This is why we jumped at the opportunity to submit a challenge about MFA for the National Day of Civic Hacking earlier this summer.

Goals of NSTIC past, present, and future: NCSA guest blog interview

Our friends at the National Cyber Security Alliance recently caught up with Mike Garcia, acting director of the NSTIC NPO, to jumpstart their new executive Q&A blog series! This interview will give you a glimpse into what the NSTIC NPO …

NIST joins the FIDO Alliance

Recently NIST joined the FIDO Alliance under its newly-created government membership class. The FIDO Alliance was formed in July of 2012 and aims to bring easy-to-use, privacy-enhancing authentication devices to the consumer mass market. FIDO-based credentials are designed to provide an …

A new look at levels of assurance

Spring is a great time for change, and here at the NSTIC NPO, we like to think we’re always ready for change. When we catch wind of a change in the world of online identity, we like to prepare early.

Join Senior Administration Officials at Upcoming IDESG Plenary, June 17-19, Washington, D.C

Implementation of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is in full stride. Our three complementary initiatives – partnering with the private-sector led Identity Ecosystem Steering Group (IDESG), launching the Federal Cloud Credential Exchange (FCCX), and catalyzing the marketplace through NSTIC pilots – are hitting major milestones in 2014, contributing significantly to the emerging Identity Ecosystem envisioned in the strategy. We hope you will join us outside our nation’s capital at the NIST campus in Gaithersburg, Maryland June 17-19 to learn more, network with those engaged in NSTIC initiatives, and join in the important ongoing work of the IDESG. Virtual participation will also be available.