NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

DIGITAL AUTHENTICATION (formerly “Electronic Authentication”)

Digital authentication is the process of establishing confidence in user identities digitally presented to an information system. Business owners are often faced with a choice of mechanisms based on a wide variety of technologies to perform local or remote authentication. The use of multi-factor authentication (MFA) provides an increased layer of security to transactions by adding multiple MFA options during a transaction.

Digital Authentication and NSTIC
The National Strategy for Trusted Identities in Cyberspace (NSTIC) office – part of the Trusted Identities Group in the Applied Cybersecurity Division at NIST – focuses on achieving an environment in which individuals and organizations use secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

Special Publication 800-63-3, Digital Authentication Guideline
In a joint effort between the Computer Security Division and the Applied Cybersecurity Division, draft NIST Special Publication (SP) 800-63-3, Digital Authentication Guideline, contains new requirements and updates based on feedback from experts, industry stakeholders, and NSTIC pilots since the last version was published. The suite of SP 800-63-3 documents provides technical guidelines to agencies to allow an individual to authenticate his or her identity to a Federal digital service. These technical guidelines supplement guidance in OMB Memo M-04-04, E-Authentication Guidance for Federal Agencies, which defines four levels of assurance in terms of the consequences of authentication errors and misuse of credentials, and supersede NIST SP 800-63-1 and SP 800-63-2. For the latest updates on SP 800-63-3, visit https://www.nist.gov/itl/nstic/special-publication-800-63-3.

[In early 2015, NIST solicited public feedback on potential changes to SP 800-63-2, and received comments from 28 organizations and individuals.]

A More Secure Future of Digital Services
White House Executive Order 13681Improving the Security of Consumer Financial Transactions, calls for “all agencies making personal data accessible to citizens through digital applications” to “require the use of multiple factors of authentication and an effective identity proofing process.” Working toward this Executive Order will ultimately enable citizens to better engage with federal agencies and will increase the security, privacy, and convenience of online transactions.

Contact:
Paul Grassi
Applied Cybersecurity Division
paul.grassi@nist.gov