The recent drafts from National Institute of Standards and Technology around cybersecurity highlight important updates on where the government is moving on technology and the focus on increasing security against cyber threats. This is because NIST’s primary goal is to develop and disseminate the standards that allow technology to work seamlessly and businesses to operate smoothly. In December 2022, NIST provided an update to NIST special publication 800-63-4, which details digital identity guidelines designed to...
The recent drafts from National Institute of Standards and Technology around cybersecurity highlight important updates on where the government is moving on technology and the focus on increasing security against cyber threats. This is because NIST’s primary goal is to develop and disseminate the standards that allow technology to work seamlessly and businesses to operate smoothly. In December 2022, NIST provided an update to NIST special publication 800-63-4, which details digital identity guidelines designed to help strengthen digital identity assurance and authentication, recognizing shifts in both risk and emerging authentication models such as phishing-resistant multi-factor authentication and passkeys.
The details of the draft guidelines are important because they affect agency operations at large. 800-63-4 clearly defines what it means to be phishing-resistant, and it comes at a time when many government agencies (especially state and local governments) are besieged by phishing attacks and ransomware demands. However, it’s important to understand what phishing-resistance authentication means for federal, state and local agencies, and what needs to be done to abide by these proposed guidelines.
