NIST seeks input, awards contract to hone digital identity guidance

A U.S. government body is seeking feedback on how attribute validation services (AVS) should work as part of its broader effort to improve the security, privacy and trust of digital identity and online interactions.

Attribute validation is a core element of secure and privacy-preserving digital identity management, according to a draft report from the National Institute of Standards and Technology.

The draft report on Attribute Validation Services for Identity Management, NIST IR 8480 (initial public draft) is intended to provide a foundation for agencies at all levels of government to design and develop their own AVS. Those that hold authoritative data can provide it do other organizations to help them confirm self-asserted claims about identity and authorization. One example provided is the need for user attributes like location or clearance level to be used in granting access under a zero-trust model.

“Ultimately, the intent is to facilitate greater use of government data in a manner that preserves user privacy while also enabling increased equity by decreasing reliance on incomplete commercial data,” the report states.

NIST’s Ryan Galluzzo and Connie LaSalle authored the draft report, along with Maria Vachino and Richard Newbold of Calvert Consulting.

The agency asks in the report itself about any relevant patent claims, and also seeks general feedback.

NIST asks specifically if the considerations presented are “sufficiently complete and useful for agencies and government organizations” that want to offer AVS, if other architectural models should be explored, or other resources or standards referenced in the report. It also seeks comment on and gaps in the standards environment that should be considered in the future, additional considerations, such as for security or privacy, and if any other organizational, technical or policy constraints should be discussed.

NIST provides both a template for comments and the email address to send them to in a description of the draft report and the comments sought. The comment period closes in a month, on November 8.

Electrosoft wins task order for digital identity services

Electrosoft has won a task order from NIST to support the finalization of its digital identity guidelines.

Under the Indefinite Delivery, Indefinite Quantity contract under the Cybersecurity and Privacy Support Services (CAPSS) program, the company will provide technical expertise and consultation in several areas. Electrosoft will participate in the development of resources for implementing the digital identity guidelines set out in NIST SP 800-63-4, international standardization and the development of interoperability profiles for identity federation, authentication, and credential specifications. The company will help NIST get a handle on new and emerging technologies and assist in the development of national and international standards, guidance, best practices and profiles for identity and access management (IAM), according to the announcement.

“NIST’s digital identity guidance is essential to the quickly evolving digital landscape, helping to protect users by ensuring that digital identity systems are secure and robust,” said Dr. Sarbari Gupta, CEO of Electrosoft. “We are honored to continue our support of the NIST Digital Identity Program and the ongoing evolution of Digital Identity Guidelines, which focuses on providing foundational risk management processes and requirements that enable the implementation of secure, private, equitable, and accessible identity systems.”

Electrosoft notes that it has been involved with NIST’s work on digital identity since the program was called the National Strategy for Trusted Identities in Cyberspace (NSTIC).

Article Topics

attribute validation services  |  digital identity  |  Electrosoft  |  identity management  |  NIST  |  Ryan Galluzzo  |  standards  |  zero trust