Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- Mic Drop — Announcing the New Special Publication 800-63 Suite!
- REGISTER NOW – Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop
- A minor plot twist: Comment period extended for PART of SP 800-63-3
- Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3
- Build Trust and Verify: New funding opportunity to assess our state pilots!
Tag Archives: NISTIR
Got trust? Seeking public comment on new NIST publication for developing trust frameworks to support identity federation
Some communities and organizations that share common user bases and transaction types are addressing challenges to users’ privacy and security by allowing users to access multiple services through common login processes. This approach – known as federated identity management – enables users to access multiple online organizations and services through shared authentication processes, instead of authenticating separately with each service provider. Continue reading
I’ve said it before and I’ll say it again: NIST’s efforts in defining measurement science and metrics in digital identity management must be aligned with the goals of the community. Today I’m pleased to announce the draft release of NISTIR 8103: Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps. This document summarizes two days of discussion from the over 220 participants at NIST’s workshop last month in Gaithersburg, Maryland, and provides a brief glance at how we intend to move forward in these important topics. Continue reading
Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model. Continue reading