Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!

Back in January, NIST's Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication.

Through a combination of input from that workshop and analysis performed by experts (both internal and external to NIST) we have developed a proposed framework that can be used to quantify the security of authentication solutions - and now, we want to hear from you again. I'm happy to announce that the Strength of Function for Authenticators - Biometrics (SOFA-B) Discussion Draft is now open for comment.

SOFA is a proposed framework to evaluate and compare the strength of authentication solutions. SOFA-B is the strength of function for biometric authentication. This was our initial focus due to increased availability of biometric sensors in the consumer space. The SOFA model incorporates three aspects, explained further in the draft: matching performance, presentation attack detection (aka spoof detection), and effort (to break a system).

Ready to get involved? NIST plans for the initial input period to run for 60 days, from October 17th to December 16th. Due to the great success we’ve had with GitHub in the recent past, we are excited to use it again! Direct suggestions or comments can be submitted to GitHub as issues following the directions on the SOFA page or via emails sent to sofa@nist.gov. Comments will likely be added to GitHub to maximize transparency and collaboration, so please note that emailed feedback will be made public.

We can’t wait to hear from you, and thank you for your ongoing participation and contributions in developing the framework. Happy commenting!

Twitter: @NSTICNPO

About the author

Related posts

Let’s talk about IoT device security

NIST’s Cybersecurity for the Internet of Things (IoT) Program is beginning stakeholder engagement on identifying a core set of cybersecurity capabilities

Comments

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.