Latest draft of NIST digital identity guidance adds digital wallet, passkey details

The revised digital identity guidelines from America’s National Institute of Standards and Technology are up for a final review after being published Wednesday.

NIST SP 800-63 Revision 4 and its SP A, B and C companions have each been updated following the feedback collected last year. The new publication is the second public draft of the update. The first draft was published last July, and included stronger accuracy requirements for biometric authentication and changes to the identity assurance levels (IALs). More details on digital wallets have been added to SP 800-63C, and passkey guidance is expanded in SP 800-63B.

Office of Management and Budget Deputy Director for Management Jason Miller notes the draft reflects a White House focus on strengthening fraud protection while ensuring access to digital services.

The draft incorporates feedback from private industry, federal agencies, privacy and civil rights advocacy groups and the public.  The process was launched in 2022, and is up to 4,000 comments from 140 organizations. It was up to 3,800 comments just over a year ago. Many of them focus on syncable authenticators (as in passkeys) and digital IDs presented from user-controlled digital wallets.

Not everyone wants to use these digital identity tools, however, so the draft also includes expanded guidance on maintaining service access through traditional forms of identification. That includes in-person identity proofing and ways to deal with exceptions, as well as the “applicant reference,” who vouches for someone without ID documents.

“Everyone should be able to lawfully access government services, regardless of their chosen methods of identification,” says Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “These improved guidelines are intended to help organizations of all kinds manage risk and prevent fraud while ensuring that digital services are lawfully accessible to all.”

“We are trying to make sure we maintain as many pathways as possible to enable secure online access to services,” says NIST Digital Identity Program Lead and Co-author of the SP Ryan Galluzzo. “We want to open up the use of modern digital pathways while still allowing for physical and manual methods whenever they may be necessary.”

Biometrics guidance updated

The new draft also updates NIST’s guidance on using face biometrics for identity verification, based on input from the agency’s in-house subject-matter experts.

Updates to the biometrics guidance are intended to ensure accuracy and privacy protections, and the manual review of errors and challenges experienced by users.

“We continue to augment the guidance to emphasize the importance of providing alternatives to face recognition and biometrics, particularly for systems supporting public services,” Galluzzo says.

NIST will further explain the changes to the guidance in an August 28 webinar, and is seeking public comments on the draft through October 7, 2024.

Article Topics

biometric authentication  |  biometrics  |  digital identity  |  digital wallets  |  face biometrics  |  NIST  |  passkeys  |  Ryan Galluzzo