NIST’s Tougher Approach to Identity Risk Video
Did anyone else notice the 18% increase in Identity Risk in 2017?
Every year Verizon speaks with organizations about cybersecurity attacks and compiles the results in their Data Breach Investigations Report (DBIR). In 2017 Verizon’s DBIR stated that “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” In 2016 Verizon’s DBIR stated that “63% of confirmed data breaches involved weak, default or stolen passwords.”
This video describes how the National Institute of Standards and Technology (NIST) is taking a tougher approach to Identity Risk based on the NIST 800-63-3 Digital Identity Guidelines.
The video begins with an introduction to the newly released Special Publication 800-63-3 which includes Assurance Levels for:
- Identity Proofing (IAL)
- Authenticator Type (AAL)
- Federated Architecture (FAL)
The video concludes with a description of NIST’s approach to Risk Assessment and how to pick Assurance Levels for Identity and Access Management infrastructures.
For more information download TELEGRID’s whitepaper Authentication Token Cybersecurity and NIST 800-63-3