FB pixel

NIST finalizes first full Digital Identity Guidelines update since 2017

Adds passkeys, digital wallets, risk management context, biometrics alternatives
| Chris Burt
Categories Biometric R&D  |  Biometrics News  |  Government Services
NIST finalizes first full Digital Identity Guidelines update since 2017
 

The U.S. National Institute of Standards and Technology has finalized the update of its digital identity guidelines to incorporate new technologies including digital wallets and passkeys.

Revision 4 of NIST’s Digital Identity Guidelines, SP 800-63-4, is the first completed update since 2017. The guidelines are intended to direct agencies on how to manage risk within the context of digital identity programs.

In addition to advice on how to integrate digital wallets and passkeys, the guidelines also provide new advice on setting context for risk management, measuring continuous evaluation and identity proofing processes, and adds controls to address identity fraud through the use of injection attacks to deliver deepfakes. They also more clearly define roles and types of identity proofing and emphasize the importance of providing alternatives to face biometrics in the process.

“And…for those of you looking for it, since we know you are out there, changes to the password composition and rotation expectations are also included in the document,” write NIST Digital Identity Program Lead for the Applied Cybersecurity Division Ryan Galluzzo, NIST IT Lab Senior Technology Policy Advisor Connie LaSalle and NIST Computer Security Division Project Lead for Applied Cryptography Andrew Regenscheid in a blog post on the changes. “All these changes represent an extensive update from NIST SP 800-63 Revision 3 — drawing heavily from real-world lessons and innovations.”

Electrosoft supported the finalization of NIST’s digital identity guidelines under a contract awarded last October. A draft was published in August for review, when previous versions released since 2022 had already received 4,000 comments from 140 organizations.

NIST is already developing implementation resources to go with the Guidelines, and also exploring setting criteria for machine-readable conformance and creating a Digital Identity Risk Management tool, according to the post.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics deployments at scale need transparency to help businesses, gain trust

The importance of biometrics testing and transparency are a recurring theme in this week’s top news stories on Biometric Update….

 

OpenAge is on a roll: CEO talks AgeKeys with Biometric Update Podcast

Since launching in November, the OpenAge Initiative has become a common reference point among many in the age assurance industry….

 

Milwaukee police sink efforts to contract facial recognition with unsanctioned use

A meeting on whether and how Milwaukee police should use facial recognition in criminal investigations took an unexpected turn Thursday…

 

New UK deepfake detection testing framework, challenge aim to meet crisis head-on

Having declared deepfakes the greatest challenge of the online age, the UK government is set to take the lead on…

 

Kneron’s access control biometrics pass Fime performance and PAD assessments

Kneron’s has passed assessments for biometric presentation attack detection and performance in a month-long evaluation of its access control technology…

 

Entreprises d’identité, unissez-vous! French MoU unites EUDI Wallet stakeholders

Dozens of firms and public authorities have agreed to work together on the launch of France’s implementation of the European…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events