This page is ARCHIVED. Please visit https://www.nist.gov/identity-access-management for current information on NIST’s Identity and Access Management work.
October 19, 2017 | Gaithersburg, Maryland | Registration & Details
Given stakeholder concerns and ongoing security incidents, there has been interest in NIST providing guidance for federal agencies on how to secure their IoT within their Federal Information Security Modernization Act (FISMA) responsibilities. While agencies are aware that IoT introduces security and privacy risks, there is confusion regarding how to address and mitigate these risks. Having observed the broadened threat landscape and processed stakeholder feedback, the NIST Cybersecurity for IoT Program is interested in the prospect of providing guidance for federal agencies on common high-level security and privacy risks. The Program is hosting this colloquium to hear from the community about these concerns, better understand the threat landscape, gauge stakeholder interest in such guidance, and determine next steps.
For more information, please visit the event page.
June 5, 2017
As part of an ongoing series of workshops on privacy engineering and risk management, NIST hosted a public workshop on privacy risk assessments. This workshop built off the concepts introduced in January 2017 in NIST Internal Report 8062 (An Introduction to Privacy Engineering and Risk Management in Federal Systems).
March 28, 2017
This webinar—hosted by our experts at NIST—provided an overview of the new funding opportunity, in which NIST seeks applicants to assess five state Trusted Identities Group pilots, awarded in 2016.
Webinar video: here
February 7, 2017
Much has changed in Special Publication 800-63 since revision 2, and we realize not everyone had a chance to review the document over the summer (you can find a full rundown of changes HERE). In an informational webinar on the public draft of Special Publication 800-63-3: Digital Identity Guidelines, Paul Grassi shared some of the most significant updates made to the document, highlighted the approach during the public comment period, and most importantly, answered questions about this significant set of updates.
Webinar video: here
November 21, 2016
NIST is looking for your feedback on the recently released discussion draft: Strength of Function for Authenticators – Biometrics (SOFA-B). This webinar provided participants an overview of the content and a chance to ask questions of the authors (1 – 1:30 PM). Additional Q&A time (1:30 – 2 PM) was provided for participants who wished to discuss specific feedback. Direct suggestions and comments can be submitted to GitHub as issues following the directions on the SOFA page or via emails sent to sofa [at] nist.gov until December 16, 2016.
Webinar video: here
September 8, 2016
NIST and the Department of Transportation (DOT) co-hosted a public workshop to gather input on the privacy controls in Appendix J of NIST Special Publication 800-53, Revision 4. The workshop explored the effectiveness and challenges of applying the current privacy controls in 800-53 and whether changes should be made in the publication’s fifth revision. Panelists and attendees participated in facilitated discussions on topics including potential amendments to the privacy control families, broader guidance on the relationship between the privacy and security controls, and the need for additional NIST guidance on the implementation of controls to better support privacy engineering practices in federal agencies.
Discussion Draft: PDF
Questions? Contact privacyeng [at] nist.gov
January 12 – 13, 2016
This technical workshop brought together a diverse community of participants, technology vendors, cybersecurity researchers, policy makers, and other experts from the public and commercial sectors to tackle tough issues in identity and access management. The following challenges were addressed: strength of identity proofing (both remote and in-person), strength of authentication with a focus on biometrics, and attribute confidence to assist in effective authorization decision making.