Federal agencies are prioritizing identity security to meet growing cyber threats while ensuring accessibility for both employees and the public, Federal News Network reports.
With rising risks linked to stolen credentials and increased device proliferation, agencies are guided by NISTs Cybersecurity Framework and Special Publication 800-63, which outlines identity risk management based on user context and system access.
The whole point of the digital identity risk management process is to understand your application environment, said Ryan Galluzzo of NIST.
Galluzzo emphasized balancing security and user experience, especially in the face of evolving authentication tools like FIDO tokens and mobile wallets. Agencies are shifting toward phishing-resistant multifactor authentication and attribute-based access control, aligning permissions with user roles and scenarios. Integrating teams, from fraud management to customer service, helps identify and respond to threats in real time. NIST is also advancing mobile IDs and interoperable digital credentials, aiming for a seamless blend of security and usability across government and private sectors.
With rising risks linked to stolen credentials and increased device proliferation, agencies are guided by NISTs Cybersecurity Framework and Special Publication 800-63, which outlines identity risk management based on user context and system access.
The whole point of the digital identity risk management process is to understand your application environment, said Ryan Galluzzo of NIST.
Galluzzo emphasized balancing security and user experience, especially in the face of evolving authentication tools like FIDO tokens and mobile wallets. Agencies are shifting toward phishing-resistant multifactor authentication and attribute-based access control, aligning permissions with user roles and scenarios. Integrating teams, from fraud management to customer service, helps identify and respond to threats in real time. NIST is also advancing mobile IDs and interoperable digital credentials, aiming for a seamless blend of security and usability across government and private sectors.
