NSA Draws From NIST for MFA Requirements
The National Security Agency Central Security Service (NSA CSS) recently published guidance on Selecting and Safely Using Multifactor Authentication Services. These releases from our top government agencies are a great service to our industry around best practices and recommendations, especially in the context of authentication.
It’s no surprise the guide draws upon the National Institute of Standards and Technology (NIST) Standards considering NIST’s purpose is to improve the nation’s competitive edge. NSA reiterates the importance of understanding NIST 800-63-3A and 800-63-3B. The agency spell out the guiding principles for working with digital identities which apply to both legacy and modern environments.
As regulations worldwide evolve their security requirements, we will see more organizations quickly adopting Authenticator Assurance Level 3 (AAL3) to stay ahead of compliance and secure access to mission critical information.
See our blog on De-NISTifying 800-63B for more details on HYPR and NIST Compliance.