NIST Seeks Feedback on Electronic Authentication Guideline Revisions
The National Institute of Standards and Technology (NIST) is requesting feedback for a proposed update to the 2012 Electronic Authentication Guidelines, which are designed to help organizations employ solutions that verify the identity of a user when they access an information system.
The NIST guidelines seek to ensure that the identity established during the authentication process can be pseudonymous, where the actual identity of the user is not required yet the right to access the system can be established with a high level of confidence, and such authentication methods must go beyond the traditional username and password combination.
“Given innovations in the marketplace and the increase of online federal services, including Connect.gov, we think it is appropriate to consider an update of NIST’s Electronic Authentication Guideline,” said Paul Grassi of NIST.
“In addition, as the Identity Ecosystem envisioned by the National Strategy for Trusted Identities in Cyberspace (NSTIC) continues to evolve, NIST guidelines should reflect and support it.”
NIST is seeking recommendations from authentication experts from the private sector, government, and higher educational about which sections of the guidelines need to be revised.