Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- Mic Drop — Announcing the New Special Publication 800-63 Suite!
- REGISTER NOW – Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop
- A minor plot twist: Comment period extended for PART of SP 800-63-3
- Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3
- Build Trust and Verify: New funding opportunity to assess our state pilots!
Tag Archives: GitHub
More than a year in the making, after a large, cross-industry effort, we are proud to announce that the new Special Publication (SP) 800-63 IS. NOW. FINAL. With your help, Electronic Authentication Guidelines has evolved into Digital Identity Guidelines—a suite of documents covering digital identity from initial risk assessment to deployment of federated identity solutions. Check it out now at https://pages.nist.gov/800-63! Continue reading
Let’s get this out of the way right up front: this is not an early April Fools Day prank!
Granted, government blogs aren’t the typical medium for getting emotional. But we (Paul and Mike), and the rest of our incredible team at NIST, have truly been moved by the support, encouragement, and engagement you’ve provided as we embarked simultaneously on this major update to the document and – perhaps even bigger – updating our community engagement process to achieve a better result on this document. Continue reading
Don’t recognize us? We have a new blog theme! The NSTIC Notes blog is now I Think, Therefore IAM: a digital identities blog. Check out our latest post, below!
Last summer’s efforts on draft SP 800-63-3: Digital Identity Guidelines paved the way for a lot of positive changes – thanks to all who provided feedback. Today we are excited to announce the next step: the official public draft of SP 800-63-3 is out, open for public comment, and we’re anxiously awaiting more great feedback. The public draft will have a 60-day open comment period, closing on March 31st. Continue reading
Back in January, NIST’s Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication. Continue reading
Got trust? Seeking public comment on new NIST publication for developing trust frameworks to support identity federation
Some communities and organizations that share common user bases and transaction types are addressing challenges to users’ privacy and security by allowing users to access multiple services through common login processes. This approach – known as federated identity management – enables users to access multiple online organizations and services through shared authentication processes, instead of authenticating separately with each service provider. Continue reading
As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next… Continue reading
Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 22.214.171.124 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading
Today, we’re releasing the public preview of draft Special Publication 800-63-3, Digital Authentication Guideline. We’re excited to share the updates we’ve made—along with the new process that enables our stakeholders to more contribute to the document in a more dynamic way. Continue reading