NIST updates federal government IDV options for remote digital identity
NIST is increasing the types of credentials that U.S. federal government will accept from employees and contractors to include digital identity for remote processes. It is the first update of the rules since 2013.
The National Institute of Standards and Technology has been looking at ways to expand beyond the personal ID verification, or PIV card.
The PIV card remains in place, but it is an inadequate tool when so many people working for the government use mobile devices and log into cloud apps that do not use public-key infrastructure.
Now agency officials can opt for multifactor authentication with Fast ID Online (FIDO) tokens and one-time passwords. The newly acceptable ID-verification tools have been listed in NIST SP 800-63-3. Further NIST publications on topics associated with the new FIPS 201-3, like federated digital identity, are planned for the months ahead.
The updated PIV specification document addresses the use of biometrics in background investigations, the issuance of PIV cards (which include face and fingerprint biometrics, with an option for iris biometrics), and comparisons against databases maintained by the FBI.