Today, we published our first supplement to the Digital Identity Guidelines. A supplement is a specific document type that is intended to enhance, augment, or elaborate on an existing NIST Special Publication (SP). Supplements provide a mechanism for NIST to more rapidly adapt to changes in the technology and threat environments. This supplement to NIST SP 800-63B provides interim guidance for agencies seeking to make use of ‘syncable authenticators’ (for example, FIDO Passkeys) in both enterprise-facing and public-facing use cases.
When implemented correctly, syncable authenticators provide a phishing-resistant authenticator with many benefits, such as simplified recovery, cross-device support, and consumer-friendly platform authentication features (e.g., native biometrics). This supplement addresses an immediate need for many agencies by providing direction on how to use this new security technology in support of the Federal Zero Trust strategy. Comments on syncable authenticators and the overall content of the supplement can be submitted through the upcoming second public comment period for the Digital Identity Guidelines Revision 4, which will open later this year.