RSA
Conference
week
is
always
a
whirlwind.
NIST
was
there
front
and
center
last
month,
and
we
learned
a
lot,
shared
a
lot,
and
made
a
big
announcement
during
the
festivities…
We
were
excited
to
announce
that
NIST’s
DRAFT
Identity
and
Access
Management
Roadmap
was
released
for
public
comment
on
Friday,
April
14th
and
that
the
comment
period
will
be
extended
to
June
16th.
What
is
the
Roadmap?
The
Roadmap
provides
a
consolidated
view
of
NIST’s
planned
identity
efforts
over
the
coming
years
and
serves
as
a
vehicle
to
communicate
our
priorities.
It
provides
guiding
principles,
strategic
objectives,
aligns
NIST
efforts
with
nationally-defined
priorities,
and
supports
long-term
planning
of
identity
and
access
management
(IAM)
initiatives.
It
covers
a
diverse
array
of
projects
including
biometric
technology
evaluation,
Mobile
Driver’s
License,
and
fraud
detection
using
Privacy
Enhancing
Technology.
It
also
integrates
teams
and
disciplines
from
across
NIST.
What
are
NIST’s
IAM
Guiding
Principles?
In
addition
to
communicating
strategic
priorities,
we
are
using
the
roadmap
to
reinforce
the
core
values
that
define
our
efforts.
These
are
represented
by
five
guiding
principles
that
will
be
imbued
in
our
work,
whether
it
be
via
guidance,
research,
or
reference
implementations:
-
Enhance
privacy
and
security
by
integrating
confidentiality,
integrity,
and
availability
into
our
efforts
alongside
the
core
privacy
engineering
objectives
of
predictability,
manageability,
and
disassociability. -
Foster
equity
and
individual
choice
by
exploring
the
diverse
socio-technical
impacts
of
identity
technology
and
integrating
optionality
and
flexibility
into
our
work
products. -
Promote
usability
and
accessibility
by
assessing
the
impacts
of
technology
on
diverse
communities
with
varying
levels
of
technology
access,
knowledge,
and
capabilities. -
Enhance
interoperability
and
standardization
by
creating
or
contributing
to
accessible
and
technically
viable
standards,
guidance,
and
specifications. -
Improve
measurement
and
transparency
of
identity
technology
by
creating
methodologies
and
metrics
that
enhance
the
fundamental
understanding
of
how
technologies
perform
and
are
open
and
available
to
the
public.
Taken
together,
these
principles
are
intended
to
set
the
conditions
for
responsible
innovation
–
the
idea
of
driving
towards
new
technologies
and
solutions
in
a
manner
that
is
informed
by
the
broader
impacts
associated
with
technological
change.
What
are
NIST’s
Strategic
Objectives?
The
Roadmap
highlights
eight
strategic
objectives
–
with
numerous
planned
supporting
activities
that
NIST
intends
to
explore
in
the
coming
years:
-
Accelerate
implementation
and
adoption
of
mobile
driver’s
license
and
user-controlled
digital
identities -
Expand
and
enhance
biometric
and
identity
measurement
programs -
Promote
technologies
that
enable
authoritative
attribute
validation -
Advance
secure,
private,
usable,
and
equitable
identity
proofing
and
fraud
mitigation
options -
Accelerate
the
use
of
phishing
resistant,
modern
multi-factor
authentication
(MFA) -
Modernize
Federal
Personal
Identity
Verification
(PIV)
guidance
and
Infrastructure -
Promote
greater
federation
and
interoperability
of
identity
solutions -
Advance
Dynamic
Authorization
and
Access
Control
Schemes
Each
of
these
objectives
are
multi-year
in
nature,
with
expected
collaboration
between
and
across
government,
academia,
and
industry—
which
NIST
considers
a
critically
important
part
of
the
process
(and
ultimately,
necessary
for
success).
Projects
in
support
of
these
objectives
will
run
the
spectrum
from
foundational,
pre-standardization
research
to
full
National
Cybersecurity
Center
of
Excellence
(NCCoE)
Practice
Guides
(basically,
our
“how
to”
resources).
How
can
I
get
involved?
You
can
start
by
commenting
on
the
roadmap!
We
published
it
to
gain
feedback
from
the
broadest
possible
spectrum
of
interested
parties.
So…please
read
it,
send
it
to
a
friend,
pass
it
around
your
community,
and
send
us
your
thoughts!
To
submit
your
comments
email
us
at
digital_identity
[at]
nist.gov
by
June
16th,
2023.
You
can
also
follow
our
work
on
the
IAM
Program
page,
join
one
of
our
Communities
of
Interest
at
the
NCCoE
(such
as
the
one
for
Digital
Identities
–
Mobile
Driver’s
License),
attend
our
events,
or
comment
on
our
guidance.
For
those
of
you
attending
Identiverse
we
will
be
giving
a
presentation
covering
the
roadmap
with
a
specific
emphasis
on
our
mDL,
PIV
Modernization,
and
international
interoperability
efforts.
We
look
forward
to
hearing
and
learning
from
you
all
along
the
way.