Federal officials are emphasizing the need to further standardize and implement new identity authentication measures, such as phishing-resistant authentication methods and quantum-resistant cryptography, across Federal agencies. During a recent Nextgov/FCW event, officials highlighted the importance of enhancing the robustness of identity verification processes to prevent phishing attacks, which often exploit weaknesses in communication to steal sensitive data or spread malware.
Ryan Galluzzo, the digital identity program lead for the National Institute of Standards and Technology’s Applied Cybersecurity Division, underscored the necessity of securing digital identity solutions within a comprehensive cybersecurity strategy. He noted that developing cryptographically backed digital credentials, such as those using public key cryptography and passkeys, is critical to moving away from physical documentation like driver’s licenses.
Galluzzo also emphasized the importance of ensuring consistent security measures across all parts of an organization to avoid creating vulnerabilities, and echoed recent comments from biometrics industry experts about the risk of fraudulent onboarding.
“If you can defeat the identity proofing processes, you’re going to get issued a legitimate credential, and so that’s going to undermine the authentication process,” he said.
In addition to NIST’s efforts, the General Services Administration (GSA) is also working on alternative phishing-resistant authenticators, such as those based on FIDO standards, which uses biometrics and hardware devices for password-less authentication.
The GSA is helping agencies pilot different security products and has recently updated IDmanagement.gov, enhancing the resources available for cybersecurity education and implementation. IDmanagement.gov is a central repository for workforce identity resources managed by the GSA, and serves as a hub for information, tools, and guidelines related to identity management within the U.S. federal government.
Source: MeriTalk
–
August 15, 2024 – by the FindBiometrics Editorial Team
Follow Us