The National Institute of Standards and Technology (NIST) is requesting public comment on a possible update of its 2012 Electronic Authentication Guideline.
Electronic authentication verifies the identity of a user when they log in to an information system, ensuring that the remote user is who they claim to be. The identity established during authentication can be pseudonymous: the true identity of the person is unknown, but their right to access is established.
Many online interactions demand a high level of confidence in authentication, so methods that go beyond the familiar username/password combination are imperative for the future.
"Given innovations in the marketplace and the increase of online federal services, including Connect.gov, we think it is appropriate to consider an update of NIST's Electronic Authentication Guideline," says NIST senior advisor Paul Grassi. "In addition, as the Identity Ecosystem envisioned by the National Strategy for Trusted Identities in Cyberspace (NSTIC) continues to evolve, NIST guidelines should reflect and support it."
As the first step in revising the publication, NIST is soliciting recommendations from experts (including those in industry, government, and educational fields) on which sections of the document need to be revised. In addition to overall technology changes, the revision is driven by three recent developments in the federal government.
Like the original version, the revised guideline will supplement the Office of Management and Budget's E-Authentication Guidance for Federal Agencies.
The current version of NIST's Electronic Authentication Guideline is available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf. The Note to Reviewers is available online. Please send your questions and comments by May 22, 2015, to eauth-comment [at] nist.gov.