Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Insights

a NIST blog

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

October 18, 2016

By: Elaine Newton

Back in January, NIST's Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication.

Through a combination of input from that workshop and analysis performed by experts (both internal and external to NIST) we have developed a proposed framework that can be used to quantify the security of authentication solutions - and now, we want to hear from you again. I'm happy to announce that the Strength of Function for Authenticators - Biometrics (SOFA-B) Discussion Draft is now open for comment.

SOFA is a proposed framework to evaluate and compare the strength of authentication solutions. SOFA-B is the strength of function for biometric authentication. This was our initial focus due to increased availability of biometric sensors in the consumer space. The SOFA model incorporates three aspects, explained further in the draft: matching performance, presentation attack detection (aka spoof detection), and effort (to break a system).

Ready to get involved? NIST plans for the initial input period to run for 60 days, from October 17^th to December 16^th. Due to the great success we’ve had with GitHub in the recent past, we are excited to use it again! Direct suggestions or comments can be submitted to GitHub as issues following the directions on the SOFA page or via emails sent to sofa [at] nist.gov (sofa[at]nist[dot]gov). Comments will likely be added to GitHub to maximize transparency and collaboration, so please note that emailed feedback will be made public.

We can’t wait to hear from you, and thank you for your ongoing participation and contributions in developing the framework. Happy commenting!

Twitter: @NSTICNPO

Publications

About the author

Elaine Newton

Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide

May 1, 2024

The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small

Travel Update! The NIST CSF 2.0 is HERE…Along with Many Helpful Resources…

February 26, 2024

NIST CSF 2.0 QUICK LINKS | Explore our Full Suite of Resources: CSF 2.0 Quick Start Guides CSF 2.0 Profiles CSF 2.0 Informative References Cybersecurity &

SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

June 22, 2023

NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series

Comments

Add new comment

Your name

CAPTCHA

What code is in the image? *

Enter the characters shown in the image.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.

Cybersecurity Insights

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

Share