What’s Going Into NIST’s New Digital Identity Guidelines?


One of this year’s biggest positive cybersecurity events comes from the National Institute of Standards and Technology (NIST). For the first time since 2017, NIST is updating its digital identity guidelines. 


These new guidelines will help set the course for best practices in handling digital identity for organizations across all sectors.


What is Digital Identity?


To grasp the update’s importance, it helps to understand the role of digital identity in an organization’s security posture.


In its 2017 guidelines, NIST defines digital identity as the online persona of a subject and how that subject is represented online, adding, “Digital identity is the unique representation of a subject engaged in an online transaction. A digital identity is always unique in the context of a digital service, but does not necessarily need to uniquely identify the subject in all contexts.”


The security risk around digital identities stems from verification. In real life, you can hand over your picture ID and prove your identity. For a long time, there was no way to offer up proof in online interactions. The business or person on the other end of the transaction simply had to trust you were who you said you were. This created an environment that made identity theft and impersonation easy. 


The Role of Biometrics


The 2017 version of NIST’s Digital Identity Guidelines established proof of digital identity. The guidelines relied on any number of familiar authenticators, like passwords and MFA. They also touched on biometrics, both physical and behavioral, to prove digital identity. But in 2017, the guidelines only supported limited use of biometrics. They stated that some metrics could be spoof ..
