NIST Rolls Out New Authentification Guidelines

The National Institute of Standards and Technology has put out a revised guideline for electronic authentication for verification of users of their Web-based services.

Since the first publishing of the guidelines, the industry has grown around authentication and new technologies such as cryptographic keys or physical tokens are becoming authentication methods systems rely on. 

Tim Polk, NIST computer security expert and Cryptographic Technology Group manager at NIST indicated that changes in the document are reflection of  ”changes in the state of the art.”

“There are new techniques and tools available to government agencies, and this provides them more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security,” he said. 

In the release, NIST encourages agencies to take advantage of commercial systems or of other government entities since guidelines apply whether or not authentication services are handled by the agency itself or if the service is outsourced to other firms.

The revision defined assertion-based authentication as being able to have single-sign on or multiple online services. A verified user will have additional information in regard to what level access (levels are defined in the full length revision) can possible without manual intervention. 

Related posts:

1. NIST Seeks Public’s Input on Cloud Definition, Security Guidelines
2. NIST Providing a Map to the Cloud
3. NIST Publishes Updated Report on Government Cybersecurity
4. NIST Seeks Input on Overhauled Catalog for Federal Information Systems
5. Navy Gets New Cyber Guidelines