The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has announced the release of its draft publication, Digital Identity Guidelines, which aims to help organizations manage risks associated with digital interactions and covers technical requirements that help individuals use digital identities successfully. NIST is seeking feedback on how to improve the draft guidance, with the goal to achieve a more competitive, secure, private, and inclusive identity ecosystem.
The multivolume draft, available via NIST, describes a process for identifying, assessing, and managing digital identity risks that aligns with the NIST Risk Management Framework (RMF). The draft includes privacy requirements and offers considerations for fostering equity and the usability of digital identity solutions, as well as supporting technologies and processes, placing the risks faced by individuals accessing services alongside risks to the organizations that operate those services.
New additions to the draft include:
“These guidelines are intended to help organizations manage risks related to digital identity and get the right services to the right people while preventing fraud, preserving privacy, fostering equity, and delivering high-quality, usable services to all,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “We are actively seeking feedback not only from technical specialists, but also from advocacy and community engagement groups that have insight into the potential impacts these technologies can have on members of underserved communities and marginalized groups.”
NIST will host a virtual workshop on January 12, 2023, to provide details on the major changes to the guidelines and the comment process. Interested parties can register via NIST to attend.
See the NIST news item for more details and how to submit feedback on the draft by March 24.