Recent NIST Releases

NIST Releases “Best Practices Guide for Personal Identity Verification (PIV)-enabled Privileged Access”

In response to the Office of Management and Budget (OMB)’s Cybersecurity Strategy and Implementation Plan, NIST has released their best practices guide for Personal Identity Verification (PIV)-enabled privileged access. This guide covers three critical areas:

  • The risks of password-based single-factor authentication
  • The need for multi-factor PIV-based user authentication
  • Best practices for agencies to implement PIV authentication for privileged users

As part of the Cyber National Action Plan (CNAP), the Cybersecurity Strategy and Implementation Plan required Federal agencies to use PIV credentials for authenticating privileged users.

NIST Released NISTIR 8105, Report on Post-Quantum Cryptography

NIST has released its Report on Post-Quantum Cryptography (NIST Interagency Report (NISTIR) 8105). The report outlines:

  • The status of quantum computing and post-quantum cryptography
  • An outline of NIST’s initial plan to move forward in post-quantum cryptography
  • Identification of the challenge of moving to new cryptographic infrastructures
  • Emphases on the need for agencies to focus on crypto agility

“The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. In recent years, there has been a substantial amount of research on quantum computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.”

NIST’s Digital Authentication Guideline Under Public Review

NIST has been developing guidelines on changes to digital authentication, based on industry feedback, expert advice and pilot programs. The draft, Special Publication 800-63-3:Digital Authentication Guideline is open for public comment and additional feedback. After further development, the document will be publicly posted for review on the CSRC.