Tag Archives: privacy

Mic Drop — Announcing the New Special Publication 800-63 Suite!

More than a year in the making, after a large, cross-industry effort, we are proud to announce that the new Special Publication (SP) 800-63 IS. NOW. FINAL. With your help, Electronic Authentication Guidelines has evolved into Digital Identity Guidelines—a suite of documents covering digital identity from initial risk assessment to deployment of federated identity solutions. Check it out now at https://pages.nist.gov/800-63! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

REGISTER NOW – Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop

We are pleased to announce the next workshop in NIST’s ongoing series on privacy engineering and risk management – Privacy Risk Assessment: A Prerequisite for Privacy Risk Management, to be held in Gaithersburg, Maryland, on June 5, 2017. Registration is open now! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Making Privacy Concrete (Three Words Not Usually Found Together)

Most in the IT space won’t know this, but NIST has one of the world’s best concrete engineering programs. Maybe we just have concrete on the mind since a couple of us in the office are doing house renovations, but with today’s publication of the NIST Internal Report 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems (NISTIR 8062), we are taking a page from the concrete folks’ book with a document that we believe hardens the way we treat privacy, moving us one step closer to making privacy more science than art. NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems. Continue reading

Posted in Uncategorized | Tagged , , | 7 Comments

Citius, Altius, Fortius: Announcing 6 new pilot projects across 10 states (and D.C.!)

As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

REGISTER NOW: Privacy Controls Workshop on next steps for NIST SP 800-53, Appendix J!

We’re pleased to announce that on September 8, 2016, NIST and the Department of Transportation will hold a technical workshop on the next steps for NIST Special Publication 800-53, Appendix J…and registration is now open! Workshop participation from security and privacy engineers, privacy subject matter experts, and Senior Agency Officials for Privacy (SAOPs) is imperative for this workshop to be a success, so we encourage experts in these areas to register and attend. However, everyone is welcome so please feel free to join us if you are interested in the design of privacy protections in federal information systems. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | 2 Comments

Questions…and buzz surrounding draft NIST Special Publication 800-63-3

Here’s the backstory: You may have noticed that we’ve been getting a wee bit of attention on the proposed deprecation of SMS as an out-of-band second authentication factor in section 5.1.3.2 of draft NIST Special Publication 800-63-3: Digital Authentication Guideline. First, we’re happy to get the attention. Sure, this is a NIST document, but the point of public comment—and our extended public preview of the draft on GitHub—is to make sure the community is a part of creating it. The more eyes the better. The team here at NIST wouldn’t quite say many commenters make lighter work—but they sure do make a better end product. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , | 2 Comments

Out with the old, in with the new: making MFA the norm

It seems it’s finally multi-factor authentication’s (MFA) time in the limelight. A recent Wells Fargo commercial touts a movement beyond the password with strong authentication. Bank of America enabled passcode-free mobile login with fingerprint. The White House released the Cybersecurity National Action Plan (CNAP), expanding upon Executive Order 13681, with a focus on securing accounts with MFA. Betty White’s on board, too. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , | Leave a comment

Celebrating Data Privacy Day and everything it stands for!

Happy Data Privacy Day! According to a recent survey of young Americans by Harvard’s Institute of Politics, 65% of respondents said they were “very concerned” about technology companies collecting digital information from their phone or computer. While it’s only January, that level of concern suggests privacy will continue to have a place in the national conversation throughout 2016. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | Leave a comment

Stepping stones: working to establish a solid foundation for measurement science in the Identity Ecosystem

The “Applying Measurement Science in the Identity Ecosystem” workshop was a huge success from NIST’s perspective; post-conference chatter leads me believe that attendees felt the same way. These two days further validated my excitement coming to work every day: we were humbled by the 220 familiar faces and new friends that showed a desire to build on the community’s progress in digital identity, along with the diversity of opinions and expertise to do just that. Between informative expert panels and intensive breakout sessions, attendees delved into measurement science in the Identity Ecosystem – brainstorming and evaluating approaches, barriers, implementation considerations, and more. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | Leave a comment

NIST civic hacking day challenge sparks the creation of an innovative new API

Multi-factor authentication (MFA) is near and dear to our hearts at NSTIC. We understand how important it is to the security and privacy of online transactions and we get excited about any opportunity to increase the awareness of—and encourage the adoption of—MFA. This is why we jumped at the opportunity to submit a challenge about MFA for the National Day of Civic Hacking earlier this summer. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment