The National Institute of Standards and Technology has released a new set of electronic authentication guidelines designed to help businesses secure themselves against insider threats to the security and integrity of data. Such guidance was last issued in 2006, and in the years since, both threats and the computing environment have evolved into new forms that require new levels of protection.
"Changes made to the document reflect changes in the state of the art," announced Tim Polk, who works as a Cryptographic Technology manager at NIST. "There are new techniques and tools available…. [which provide] more flexibility in choosing the best authentication methods for their individual needs, without sacrificing security."
An assumption of the 2006 document was that businesses would determine on their own if users accessing networks and systems were indeed who they claimed to be. The new guidelines do not make that assumption and instead help businesses explore the range of options available to them in the form of authentication services, many of which can be incorporated into a managed services model for IT solutions.
The most common authentication method continues to take the form of user names and passwords, but more advanced systems are becoming prominent now. Some of these use cryptographic keys to establish identities of users while others rely in part on physical tokens. Any of these can be administered through a managed services approach so that they are fully integrated with the other security systems in place for a given computing environment.