The National Institute of Standards and Technology is revising Special Publication 800-63, Digital Identity Guidelines, which gives guidance to federal agencies on how to implement identity verification requirements. The document was last revised in 2017 and is being updated to reflect the current cybersecurity environment and the changes in threats that have occurred since then.
The new version will look at some of the privacy and ethical considerations that must be taken into account with new guidelines, the new risk management techniques that may be incorporated and the new technology that may be needed to implement the guidelines. The guidelines will also create a path to phishing-resistant authentication that is stronger than simple multifactor authentication.
FedTech discussed the new guidelines with David Temoshok, senior adviser for applied cybersecurity and the Information Technology Laboratory at NIST; the lab has responsibility for all 800 series special publications.
FEDTECH: These guidelines were last updated in 2017, a lifetime in the world of cybersecurity. What’s happened since then that made the updates necessary?
TEMOSHOK: We had the pandemic and the government's response to the pandemic, which really accelerated the transition from in-person government services to online services. The government also established pandemic relief programs, which attracted cyberattackers. We saw many new forms and a much greater volume of cyberattacks. We saw bot attacks, automated attacks, an emergence in synthetic identities and phishing attacks across the spectrum of government online services. Funding and financial services and benefits were available that just weren't there previously.