producing a NISTIR containing guidance for a schema on attribute metadata
producing a document containing guidance for measuring & evaluating strength of a biometric authentication system
charter to be released soon!
collecting community feedback on the updated document
developing a security & privacy profile of OpenID Connect specifications allowing users to authenticate & share consented attribute information with public sector services across the globe
creating a privacy-enhanced identity broker reference design and practice guide in a joint effort with the NCCoE
Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop
June 5, 2017 | 8:30 AM - 12:30 PM | Gaithersburg, Maryland
As part of an ongoing series of workshops on privacy engineering and risk management, NIST will host a public workshop on June 5th in Gaithersburg, Maryland on privacy risk assessments. This workshop builds off the concepts introduced in January 2017 in NIST Internal Report 8062 (An Introduction to Privacy Engineering and Risk Management in Federal Systems). Participants will discuss the function of privacy risk assessments as a prerequisite for conducting privacy risk management, and the role of privacy risk models. This discussion will assist NIST in the development of a body of guidance on privacy risk management aligned with NIST guidance on cybersecurity risk management.
Registration closes on May 29, 2017.
Applicants’ Webinar - New Funding Opportunity: Assessing the Benefits and Impacts of Five NIST State Pilots
March 28, 2017
This webinar—hosted by our experts at NIST—provided an overview of the new funding opportunity, in which NIST seeks applicants to assess five state Trusted Identities Group pilots, awarded in 2016. With this funding opportunity, NIST seeks to enable broader adoption of trusted identity solutions. The recipient of this funding will quantify the benefits of these identity solutions to the organization and end users, share lessons learned, and recommend how similar solutions can be adopted elsewhere -- in public sector programs and services at all levels of government. The webinar also included a Q&A period for participants to ask questions.
Webinar video: here
>> More details can be found on this webinar's event page.
Special Publication 800-63-3 Public Draft Webinar
February 7, 2017
Much has changed in Special Publication 800-63 since revision 2, and we realize not everyone had a chance to review the document over the summer (you can find a full rundown of changes HERE). In an informational webinar on the public draft of Special Publication 800-63-3: Digital Identity Guidelines, Paul Grassi shared some of the most significant updates made to the document, highlighted the approach during the public comment period, and most importantly, answered questions about this significant set of updates.
Webinar video: here
Strength of Function for Authenticators - Biometrics (SOFA-B) Discussion Draft Webinar
November 21, 2016
NIST is looking for your feedback on the recently released discussion draft: Strength of Function for Authenticators – Biometrics (SOFA-B). This webinar provided participants an overview of the content and a chance to ask questions of the authors (1 – 1:30 PM). Additional Q&A time (1:30 – 2 PM) was provided for participants who wished to discuss specific feedback. Direct suggestions and comments can be submitted to GitHub as issues following the directions on the SOFA page or via emails sent to email@example.com until December 16, 2016.
Webinar video: here
Privacy Controls Workshop: Next Steps for NIST Special Publication 800-53, Appendix J
September 8, 2016
Location: Department of Transportation (DOT)
The public comment period for the below discussion draft closed on September 30, 2016. Stay tuned for additional ways to engage.
Discussion Draft: PDF
NIST and the Department of Transportation (DOT) co-hosted a public workshop to gather input on the privacy controls in Appendix J of NIST Special Publication 800-53, Revision 4. The workshop explored the effectiveness and challenges of applying the current privacy controls in 800-53 and whether changes should be made in the publication’s fifth revision. Panelists and attendees participated in facilitated discussions on topics including potential amendments to the privacy control families, broader guidance on the relationship between the privacy and security controls, and the need for additional NIST guidance on the implementation of controls into better support privacy engineering practices in federal agencies.
Questions? Contact firstname.lastname@example.org
Advanced Identity Workshop: Applying Measurement Science in the Identity Ecosystem
January 12 – 13, 2016
This technical workshop brought together a diverse community of participants, technology vendors, cybersecurity researchers, policy makers, and other experts from the public and commercial sectors to tackle tough issues in identity and access management. The following challenges were addressed: strength of identity proofing (both remote and in-person), strength of authentication with a focus on biometrics, and attribute confidence to assist in effective authorization decision making.