Key Updates to NIST's Digital Identity Guidelines: SP 800-63-3


Technology moves fast - the guidelines for securing “digital identities” is already four years old; old enough to be replaced by the National Institute of Science and Technology (NIST).

The new, final Special Publication (SP) 800-63-3 was released at the end of June. Last July, Duo’s Information Security Journalist, Thu Pham, wrote about how NIST deemed SMS-based two-factor authentication as no longer secure in their initial draft of the Digital Authentication Guideline.

Now, NIST has integrated those recommendations and more into a final suite of documents known as the Digital Identity Guidelines, widely referenced and used by a number of industries as a standard for how to properly secure digital identities - including government entities, such as federal agencies and contractors that provide services to the federal sector.

Read all about SP 800-63-3 in this Duo Blog.