NIST Requests Comment on Updated FIPS 201 – But No Swearing, Please

“Among other things, the memo ordered various government agencies to implement ICAM frameworks that align with NIST standards, and to work with NIST to pilot novel authentication mechanisms”

The National Institute of Standards and Technology is requesting comments on its draft for an updated FIPS 201 standard.

The draft for FIPS 201-3 includes proposed revisions that would support policy objectives outlined in OMB M-19-17, a memo issued by the Office of Management and Budget in May of 2019. The memo’s goal was to detail the federal government’s Identity, Credential, and Access Management (ICAM) policy.

Among other things, the memo ordered various government agencies to implement ICAM frameworks that align with NIST standards, and to work with NIST to pilot novel authentication mechanisms. It also tasked them with sharing feedback to NIST to drive improvements to its NIST SP 800-63 Digital Identity Guidelines.

In announcing its request for comment with respect to FIPS 201-3, NIST explained that its revisions are also intended to “align with emerging standards and technologies for digital identity, support the use of alternative authenticators, and encourage interoperability through federation.”

All comments must be received by NIST on or before February 1, 2021, in order to be considered. NIST says all submissions received will become part of the public record, and some may be published – though anything containing “profanity, vulgarity, threats, or other inappropriate language or content will not be posted or considered.”

NIST’s request for comment comes after the organization published a ‘Quick Start’ manual to help organizations assess their security needs with its Risk Management Framework. NIST also updated the structure and processes of its Organization of Scientific Area Committees (OSAC) for Forensic Science in October.

–

November 4, 2020 – by Alex Perala