NIST requests feedback on digital identity guidelines, including for behavioral biometrics and liveness
The National Institute of Standards and Technology has issued a call for comments on its digital identity guidelines contained in four documents.
The agency is seeking review and feedback on its Special Publication (SP) 800-63-3 Digital Identity Guidelines, SP 800-63A Enrollment and Identity Proofing, SP 800-63B Authentication and Lifecycle Management, and SP 800-63C Federation and Assertions, which collectively provide the controls and technical requirements for specified digital identity management assurance levels.
A note to reviewers provides specific topics NIST is seeking feedback on, including “Privacy enhancements and considerations for identity proofing, authentication, and federation, including new developments in techniques to limit linkability and observability for federation,” the continued use of SMS and PSTN as restricted authentication channels for out-of-band authenticators, and security and performance capabilities such as presentation attack detection or liveness checks for biometrics collection to support Identity Assurance Level 2 remote identity proofing. The use of behavioral characteristics and dynamic knowledge-based identity verification are also noted as topics on which NIST hopes to receive feedback.
The review is needed because of a policy memo from the Office of Management and Budget (OMB) directing federal agencies to boost their identity and access management capabilities and asking NIST to update its guidance, as well as changes to the NIST Cybersecurity Framework and Privacy Framework, and the OMB policy memoranda on COVID-19 response and mission continuity.
Comments are due by August 10, 2020.
The Slandala Company was recently approved for assessing compliance to NIST digital identity guidelines by the Kantara Initiative.