NIST Updates Digital ID Guidelines for 'Changing Digital Landscape'
Identity risk management is a “team sport,” blogged the National Institute of Standards and Technology as it published a fourth revision of NIST digital identity guidelines on Friday. The 2025 revision is meant to “respond to the changing digital landscape that has emerged since the last major revision … in 2017,” NIST wrote.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The fresh guidelines “explain the process and technical requirements for meeting digital identity assurance levels for identity proofing, authentication, and federation -- including requirements for security and privacy, as well as considerations for improved customer experience of digital identity solutions and technology,” said NIST: And they “establish identity management as a cross-functional process involving professionals representing cybersecurity, privacy, usability, program integrity, mission and business units, and other disciplines.”
In support of the release, NIST said it’s developing “implementation resources” and is “exploring concepts such as machine-readable conformance criteria and a Digital Identity Risk Management tool.”