Tag Archives: GitHub

Mic Drop — Announcing the New Special Publication 800-63 Suite!

More than a year in the making, after a large, cross-industry effort, we are proud to announce that the new Special Publication (SP) 800-63 IS. NOW. FINAL. With your help, Electronic Authentication Guidelines has evolved into Digital Identity Guidelines—a suite of documents covering digital identity from initial risk assessment to deployment of federated identity solutions. Check it out now at https://pages.nist.gov/800-63! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

A minor plot twist: Comment period extended for PART of SP 800-63-3

Let’s get this out of the way right up front: this is not an early April Fools Day prank!

Granted, government blogs aren’t the typical medium for getting emotional. But we (Paul and Mike), and the rest of our incredible team at NIST, have truly been moved by the support, encouragement, and engagement you’ve provided as we embarked simultaneously on this major update to the document and – perhaps even bigger – updating our community engagement process to achieve a better result on this document. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , | Leave a comment

From public preview to public draft: SP 800-63 is open for comment!

Don’t recognize us? We have a new blog theme! The NSTIC Notes blog is now I Think, Therefore IAM: a digital identities blog. Check out our latest post, below!

Last summer’s efforts on draft SP 800-63-3: Digital Identity Guidelines paved the way for a lot of positive changes – thanks to all who provided feedback. Today we are excited to announce the next step: the official public draft of SP 800-63-3 is out, open for public comment, and we’re anxiously awaiting more great feedback. The public draft will have a 60-day open comment period, closing on March 31st. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , | Leave a comment

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

Back in January, NIST’s Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Got trust? Seeking public comment on new NIST publication for developing trust frameworks to support identity federation

Some communities and organizations that share common user bases and transaction types are addressing challenges to users’ privacy and security by allowing users to access multiple services through common login processes. This approach – known as federated identity management – enables users to access multiple online organizations and services through shared authentication processes, instead of authenticating separately with each service provider. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , | Leave a comment

Many thanks for a successful 800-63-3 public preview!

As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next… Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , | 2 Comments

Questions…and buzz surrounding draft NIST Special Publication 800-63-3

Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 5.1.3.2 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

Announcing Draft Special Publication 800-63-3: Digital Authentication Guideline!

Today, we’re releasing the public preview of draft Special Publication 800-63-3, Digital Authentication Guideline. We’re excited to share the updates we’ve made—along with the new process that enables our stakeholders to more contribute to the document in a more dynamic way. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , | 1 Comment