Menu Close

NIST updates Digital Identity Guidelines with biometrics requirements, alternatives

The U.S. National Institute of Standards and Technology has released revised guidelines for digital identification in federal government systems.

The new guidelines set technical requirements to support risk-based management of digital identities to reduce fraud and cybercrime, while maintaining equity and fundamental human rights.

The ‘Digital Identity Guidelines’ draft updates the section on using biometrics for identity proofing, including requirements for performance and testing. It identifies authentication methods that are more resistant to phishing attacks, and includes updated recommendations on best practices for sharing and exchanging digital identity information between different systems, as in federated authentication.

Identity federation, authentication, and proofing are dealt with in three volumes following the initial volume describing underlying risk management processes, as in previous versions of the guidelines.

Comments are due by March 24, 2023. NIST will also hold a workshop on January 12, 2023, to explain the major changes to the guidelines.

NIST is an agency of the Department of Commerce.

“These guidelines are intended to help organizations manage risks related to digital identity and get the right services to the right people while preventing fraud, preserving privacy, fostering equity and delivering high-quality, usable services to all,” says Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “We are actively seeking feedback not only from technical specialists, but also from advocacy and community engagement groups that have insight into the potential impacts these technologies can have on members of underserved communities and marginalized groups.”

The previous version of the Digital Identity Guidelines and the role they give to biometrics was explained by Aware CCO Rob Mungovan at Identity Week 2021.

“This draft update reinforces that NIST’s guidelines have always allowed for alternatives to facial recognition as well as appropriate and fair use of facial recognition technologies and that NIST will be more fully defining these alternatives in the final guidelines,” comments Jason Miller, deputy director for management at the Office of Management and Budget.

The draft is intended to align with NIST’s Risk Management Framework, expanding on it with guidance for incorporating equity and usability considerations into digital identity risk management. Miller also noted that the document supports ongoing efforts by the White House to address theft of digital identities and public benefits. The U.S. National Institute of Standards and Technology has released revised guidelines for digital identification in federal government systems.

The new guidelines set technical requirements to support risk-based management of digital identities to reduce fraud and cybercrime, while maintaining equity and fundamental human rights.

The ‘Digital Identity Guidelines’ draft updates the section on using biometrics for identity proofing, including requirements for performance and testing. It identifies authentication methods that are more resistant to phishing attacks, and includes updated recommendations on best practices for sharing and exchanging digital identity information between different systems, as in federated authentication.

Identity federation, authentication, and proofing are dealt with in three volumes following the initial volume describing underlying risk management processes, as in previous versions of the guidelines.

Comments are due by March 24, 2023. NIST will also hold a workshop on January 12, 2023, to explain the major changes to the guidelines.

NIST is an agency of the Department of Commerce.

“These guidelines are intended to help organizations manage risks related to digital identity and get the right services to the right people while preventing fraud, preserving privacy, fostering equity and delivering high-quality, usable services to all,” says Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “We are actively seeking feedback not only from technical specialists, but also from advocacy and community engagement groups that have insight into the potential impacts these technologies can have on members of underserved communities and marginalized groups.”

The previous version of the Digital Identity Guidelines and the role they give to biometrics was explained by Aware CCO Rob Mungovan at Identity Week 2021.

“This draft update reinforces that NIST’s guidelines have always allowed for alternatives to facial recognition as well as appropriate and fair use of facial recognition technologies and that NIST will be more fully defining these alternatives in the final guidelines,” comments Jason Miller, deputy director for management at the Office of Management and Budget.

The draft is intended to align with NIST’s Risk Management Framework, expanding on it with guidance for incorporating equity and usability considerations into digital identity risk management. Miller also noted that the document supports ongoing efforts by the White House to address theft of digital identities and public benefits.  Read More Access Control, Biometrics News, Government Services, biometric authentication, biometrics, cybersecurity, digital identity, fraud prevention, government services, NIST, standards Biometric Update 

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami