DIGITAL IDENTIFICATIONRevised Guidelines for Digital Identification in Federal Systems

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has drafted updated guidelines to help the nation combat fraud and cybercrime while fostering equity and preserving fundamental human rights. The guidelines support risk-informed management of people’s personas online — their “digital identities” — often required to engage in everyday digital transactions from banking to ordering groceries.

“These guidelines are intended to help organizations manage risks related to digital identity and get the right services to the right people while preventing fraud, preserving privacy, fostering equity and delivering high-quality, usable services to all,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “We are actively seeking feedback not only from technical specialists, but also from advocacy and community engagement groups that have insight into the potential impacts these technologies can have on members of underserved communities and marginalized groups.”

“The updated draft guidelines released today play a critical role in supporting the administration’s governmentwide efforts to strengthen identity verification for government systems used by the American public while balancing privacy, equity and accessibility. Identity verification is a front door to federal services and benefits, and it should provide security assurance while enabling access for intended beneficiaries, particularly those from underserved communities and marginalized groups,” said Jason Miller, deputy director for management at the Office of Management and Budget. “This draft update reinforces that NIST’s guidelines have always allowed for alternatives to facial recognition as well as appropriate and fair use of facial recognition technologies and that NIST will be more fully defining these alternatives in the final guidelines.”

The draft publication, formally titled Digital Identity Guidelines (NIST Special Publication 800-63 Revision 4), covers technical requirements for establishing and authenticating digital representations of real-life people — such as employees of a government contractor or members of the general public. The draft guidelines aim to help organizations manage risks associated with digital interactions while making it easier for individuals to use digital identities successfully, including when applying for government services. They also include privacy requirements and offer considerations for fostering equity and the usability of digital identity solutions, as well as their supporting technologies and processes, placing the risks faced by individuals accessing services alongside risks to the organizations that operate those services.