FIDO trying to guide US government toward robust ID program
The FIDO Alliance has published a guide for the U.S. government in implementing a better, more robust identity program for its countless agencies.
The alliance foresees FIDO-compliant software protecting users who aren’t personal ID verification-eligible with phishing-resistant authentication. The same goes for remote workers who don’t need physical access to a facility and new employees still waiting for their PIV.
It would support key performance indicator- and FIDO-based phishing-resistant MFA to take the lifecycle of ID management regardless of person type and integrate it with the lifecycle of access management for all of an agency’s resources. And it would do so regardless of authorization method.
The document is also giving the government some technical points to consider as it deploys FIDO authentication for existing and future zero-trust objectives.
The alliance nods to the necessity of PIVs and common access cards, saying their strengths will endure. So, too, will FIDO authentication and supporting infrastructure, and they are needed to promote certificate-based authentication supporting zero trust.
There is a webinar scheduled November 28 on this topic.