Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- Return of the Great Zoltan! Our 800-63 FAQs answer life’s most perplexing questions (about digital identity, anyway).
- Mic Drop — Announcing the New Special Publication 800-63 Suite!
- REGISTER NOW – Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop
- A minor plot twist: Comment period extended for PART of SP 800-63-3
- Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3
August 2017 M T W T F S S « Jul 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Category Archives: Uncategorized
Got trust? Seeking public comment on new NIST publication for developing trust frameworks to support identity federation
Some communities and organizations that share common user bases and transaction types are addressing challenges to users’ privacy and security by allowing users to access multiple services through common login processes. This approach – known as federated identity management – enables users to access multiple online organizations and services through shared authentication processes, instead of authenticating separately with each service provider. Continue reading
As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next… Continue reading
As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24. Continue reading
We’re pleased to announce that on September 8, 2016, NIST and the Department of Transportation will hold a technical workshop on the next steps for NIST Special Publication 800-53, Appendix J…and registration is now open! Workshop participation from security and privacy engineers, privacy subject matter experts, and Senior Agency Officials for Privacy (SAOPs) is imperative for this workshop to be a success, so we encourage experts in these areas to register and attend. However, everyone is welcome so please feel free to join us if you are interested in the design of privacy protections in federal information systems. Continue reading
Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 22.214.171.124 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading
Have you done your summer reading yet? We’re approaching this summer’s halfway point – which means we’re halfway through the public preview of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. Don’t let the dog days of summer get you down – we still need your feedback and expert opinions! For a refresher on some of the major changes to 800-63-3 and why we’re using GitHub to solicit comments, see our announcement blog. Continue reading
To get to the core of multi-factor authentication (MFA) and why it’s such an important security feature, we caught up with Michael Kaiser, the Executive Director of the National Cyber Security Alliance (NCSA). Mr. Kaiser graciously sat down with us for our inaugural coffee chat – a new series on the NSTIC Notes Blog. In this series, we’ll hear from various leaders in the identity community as they share unique perspectives—in their own words—on essential identity topics. See our questions and his answers, below. Continue reading
Here’s the traditional, not so secure way to log in to your bank account: enter your username and that familiar password you probably use for most of your online accounts. Then, you’re in. You can go about your business.
Not so fast! If you’re one of the 54% of consumers who, according to TeleSign, use five or fewer passwords for all of their accounts, you could create a “domino effect” that allows hackers to take down multiple accounts just by cracking one password. The good news? There’s an easy way to better protect your accounts (which contain a lot of personal information) with multi-factor authentication (MFA). Continue reading