NIST finalizes first full Digital Identity Guidelines update since 2017

Adds passkeys, digital wallets, risk management context, biometrics alternatives

The U.S. National Institute of Standards and Technology has finalized the update of its digital identity guidelines to incorporate new technologies including digital wallets and passkeys.

Revision 4 of NIST’s Digital Identity Guidelines, SP 800-63-4, is the first completed update since 2017. The guidelines are intended to direct agencies on how to manage risk within the context of digital identity programs.

In addition to advice on how to integrate digital wallets and passkeys, the guidelines also provide new advice on setting context for risk management, measuring continuous evaluation and identity proofing processes, and add controls to address identity fraud carried out through injection attacks that deliver deepfakes. They also more clearly define roles and types of identity proofing and emphasize the importance of providing alternatives to face biometrics in the process.

“And…for those of you looking for it, since we know you are out there, changes to the password composition and rotation expectations are also included in the document,” write NIST Digital Identity Program Lead for the Applied Cybersecurity Division Ryan Galluzzo, NIST IT Lab Senior Technology Policy Advisor Connie LaSalle and NIST Computer Security Division Project Lead for Applied Cryptography Andrew Regenscheid in a blog post on the changes. “All these changes represent an extensive update from NIST SP 800-63 Revision 3 — drawing heavily from real-world lessons and innovations.”

Electrosoft supported the finalization of NIST’s digital identity guidelines under a contract awarded last October. A draft was published in August for review, by which time previous versions released since 2022 had already received 4,000 comments from 140 organizations.

NIST is already developing implementation resources to go with the Guidelines, and also exploring setting criteria for machine-readable conformance and creating a Digital Identity Risk Management tool, according to the post.
