Are You Really You? Identity Proofing with NIST SP 800-63-3
The global emphasis towards identity-centric protection is crucial towards combatting the increasing number of data breaches by unscrupulous individuals. In the worst cases, a hijacked identity belongs to a privileged user, allowing the imposter to gain access to key systems or to create synthetic identities to obtain all types of services or assets. They use what is considered “private” information as the basis for establishing a fraudulent digital identity. It is essential to establish strong identity proofing processes to help combat these fraudulent online identities as well as to establish trust in a digital identity. The government is taking a serious look at improving their identity proofing processes. The newly released OMB M-19-17 specifically discusses how federal employees and contractors are required to be identity proofed and credentialed following NIST SP 800-63-3 digital identity guidelines. This session will explore the processes necessary for organizations to meet the remote identity proofing requirements for Identity Assurance Level (IAL) 2 and IAL3 following NIST SP 800-63-3 guidelines. It will also tackle the challenges most organizations face meeting these requirements. Finally, the session will provide a worked example to help organizations document their identity proofing processes and requirements as prescribed by the NIST standard. ( Assured Identity, Privacy, Verified Claims & Credentials, Standards, Identity Proofing, Identity Assurance, Lorrayne Auld).