April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Standards agency recognizes importance of private authentication tools

NIST

The National Institute of Standards and Technology’s newly-released revision of government electronic identity authentication guidelines recognizes new tools and techniques have risen that offer safe, flexible applications for government users.

In NIST’s revised edition of its Electronic Authentication Guideline  the agency said it expanded the options government agencies can use to verify the identity of users of their Web-based services. The revision of the Electronic Authentication, said NIST, is the first since 2006. The extensive update of the document, it added, is extensive and “recognizes that times, and technologies, have changed.”

“Changes made to the document reflect changes in the state of the art,” explained NIST computer security expert Tim Polk, Cryptographic Technology Group manager at NIST. “There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security.”

When SP 800-63 was first released, said NIST in a statement on Dec. 13, its authors assumed that most agencies would handle figuring out if users’ identities in-house. The growth of an entire industry focused on providing authentication services, however, has grown since the initial release. NIST said that industry “is often in the best interest of agencies to take advantage of commercial systems or those of other government entities.” It added that while passwords are still the go-to authentication mechanism, a growing number of systems rely on cryptographic keys or physical tokens.

According to the agency, the revision broadens the discussion of technologies available to agencies and gives a more detailed discussion of these technologies and isn’t meant to constrain government users from developing their own authentication methods. It recommended that government users developing their own methods use an established process to do so.

Government agencies have the option of using the services of companies that have had their authentication systems certified through the Federal Chief Information Officer Council’s Trust Framework Provider Adoption Process (TFPAP), said NIST. That program assesses credentialing processes against federal requirements, including those established in 800-63. To ensure consistency and avoid redundant analysis, NIST strongly encouraged agencies to leverage the TFPAP process.

SP 800-63-1 is the official implementation guidance for the Office of Management and Budget (OMB) Memorandum 04-04, “E-Authentication Guidance for Federal Agencies.” Polk stressed that the revised NIST guideline may inform but is not intended to restrict or constrain the development or use of standards for implementation of the National Strategy for Trusted Identities in Cyberspace (NSTIC). NIST SP 800-63-1 is specifically designated as a guideline for use by federal agencies for electronic authentication. NSTIC, in contrast, has a broader charge: the creation of an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...