Tag Archives: authentication

Mic Drop — Announcing the New Special Publication 800-63 Suite!

More than a year in the making, after a large, cross-industry effort, we are proud to announce that the new Special Publication (SP) 800-63 IS. NOW. FINAL. With your help, Electronic Authentication Guidelines has evolved into Digital Identity Guidelines—a suite of documents covering digital identity from initial risk assessment to deployment of federated identity solutions. Check it out now at https://pages.nist.gov/800-63! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3

Just 15 days remain in the comment period for draft Special Publication (SP) 800-63-3: Digital Identity Guidelines! The document opened for public comment on January 30th and will close on March 31st. Based on the comments we’ve received so far, we don’t expect to extend the deadline, so get to work and submit your comments before closing time! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , | Leave a comment

From public preview to public draft: SP 800-63 is open for comment!

Don’t recognize us? We have a new blog theme! The NSTIC Notes blog is now I Think, Therefore IAM: a digital identities blog. Check out our latest post, below!

Last summer’s efforts on draft SP 800-63-3: Digital Identity Guidelines paved the way for a lot of positive changes – thanks to all who provided feedback. Today we are excited to announce the next step: the official public draft of SP 800-63-3 is out, open for public comment, and we’re anxiously awaiting more great feedback. The public draft will have a 60-day open comment period, closing on March 31st. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , | Leave a comment

2016 Year in Review: (TIG-ing stock of) Innovation in the Identity Ecosystem

When you think about 2016, the first thing that comes to mind is innovation in the identity ecosystem. That can’t just be us, right? While there has been a host of high-profile bad things that happened in digital identity this year, we try to keep our eyes on the prize. And there’s been a lot of progress toward the long-term goal. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , | Leave a comment

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

Back in January, NIST’s Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Many thanks for a successful 800-63-3 public preview!

As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next… Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , | 2 Comments

Citius, Altius, Fortius: Announcing 6 new pilot projects across 10 states (and D.C.!)

As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Questions…and buzz surrounding draft NIST Special Publication 800-63-3

Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 5.1.3.2 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

Calling all 800-63-3 comments!

Have you done your summer reading yet? We’re approaching this summer’s halfway point – which means we’re halfway through the public preview of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. Don’t let the dog days of summer get you down – we still need your feedback and expert opinions! For a refresher on some of the major changes to 800-63-3 and why we’re using GitHub to solicit comments, see our announcement blog. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , | Leave a comment

Out with the old, in with the new: making MFA the norm

It seems it’s finally multi-factor authentication’s (MFA) time in the limelight. A recent Wells Fargo commercial touts a movement beyond the password with strong authentication. Bank of America enabled passcode-free mobile login with fingerprint. The White House released the Cybersecurity National Action Plan (CNAP), expanding upon Executive Order 13681, with a focus on securing accounts with MFA. Betty White’s on board, too. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , | Leave a comment