The National Institute of Standards and Technology (NIST) recently released a second draft of its Digital Identity Guidelines, which significantly impact online identity verification and cybersecurity for government contractors. This draft outlines expanded requirements in identity proofing, continuous monitoring, and fraud detection. Contractors must adopt new methods for identity proofing, including remote and onsite verification, and implement continuous evaluation to adapt to evolving cyber threats.
Further, the guidelines emphasize fraud prevention by mandating that organizations regularly assess security measures against new risks. Contractors are now allowed to use syncable authenticators and digital wallets, enabling users to securely manage and present credentials across various federal systems. Additionally, risk-based authentication lets agencies assign security levels based on information sensitivity, enhancing the flexibility of identity management.
The draft guidelines also underscore privacy, equity, and usability, requiring accessible solutions for individuals with disabilities and addressing bias in AI systems. Multi-Factor Authentication (MFA), including biometrics, is emphasized to boost security, aligning with NIST’s personal identity verification standards for federal contractors.
To manage AI in identity systems, the guidelines mandate transparent documentation of AI and ML usage and adherence to the NIST AI Risk Management Framework. This includes disclosing training data and regularly testing AI models to prevent biases and other risks. NIST’s public comment period ends on October 7, 2024, and government contractors are urged to prepare for compliance as these guidelines are likely to impact future federal contracting standards and cybersecurity practices.