Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- A minor plot twist: Comment period extended for PART of SP 800-63-3
- Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3
- Build Trust and Verify: New funding opportunity to assess our state pilots!
- From public preview to public draft: SP 800-63 is open for comment!
- Making Privacy Concrete (Three Words Not Usually Found Together)
April 2017 M T W T F S S « Mar 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Tag Archives: privacy
Most in the IT space won’t know this, but NIST has one of the world’s best concrete engineering programs. Maybe we just have concrete on the mind since a couple of us in the office are doing house renovations, but with today’s publication of the NIST Internal Report 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems (NISTIR 8062), we are taking a page from the concrete folks’ book with a document that we believe hardens the way we treat privacy, moving us one step closer to making privacy more science than art. NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems. Continue reading
As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24. Continue reading
We’re pleased to announce that on September 8, 2016, NIST and the Department of Transportation will hold a technical workshop on the next steps for NIST Special Publication 800-53, Appendix J…and registration is now open! Workshop participation from security and privacy engineers, privacy subject matter experts, and Senior Agency Officials for Privacy (SAOPs) is imperative for this workshop to be a success, so we encourage experts in these areas to register and attend. However, everyone is welcome so please feel free to join us if you are interested in the design of privacy protections in federal information systems. Continue reading
Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 188.8.131.52 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading
Happy Data Privacy Day! According to a recent survey of young Americans by Harvard’s Institute of Politics, 65% of respondents said they were “very concerned” about technology companies collecting digital information from their phone or computer. While it’s only January, that level of concern suggests privacy will continue to have a place in the national conversation throughout 2016. Continue reading
Multi-factor authentication (MFA) is near and dear to our hearts at NSTIC. We understand how important it is to the security and privacy of online transactions and we get excited about any opportunity to increase the awareness of—and encourage the adoption of—MFA. This is why we jumped at the opportunity to submit a challenge about MFA for the National Day of Civic Hacking earlier this summer. Continue reading
It’s certainly too early to spike the ball, but yesterday the Identity Ecosystem Steering Group (IDESG) met another milestone by approving the initial set of baseline requirements for the Identity Ecosystem Framework (IDEF). These requirements are a critical element to building the IDEF—which the IDESG has been chartered to establish and govern. As identified in the NSTIC, successful establishment of the IDEF is a must-have in the ongoing successful development of online commerce, government efficiency, and effective and efficient communication among and between individuals, the private sector, and the public sector. The baseline requirements were developed by IDESG work committees to address minimum requirements for Identity Ecosystem participants in four key areas: privacy, security and resiliency, interoperability, and user experience. These areas align directly with the committee structure of the IDESG and with the Guiding Principles of the NSTIC. Continue reading
The NSTIC NPO has just announced a brand new funding opportunity with a special focus on privacy enhancing technologies. NSTIC is soliciting applications from eligible applicants to pilot privacy-enhancing technologies that embrace and advance the NSTIC vision and contribute to the maturity of the Identity Ecosystem the NSTIC envisions: promote secure, privacy-enhancing, and user-friendly ways to give individuals and organizations convenience in their online interactions. Continue reading