Identity Proofing and Enrollment

NIST sees a need for inclusion of an unattended, fully remote Identity Assurance Level (IAL) 2 identity proofing workflow that provides security and convenience, but does not require face recognition. Accordingly, NIST seeks input on the following questions:

...

What impacts would the proposed biometric performance requirements for identity proofing have on real-world implementations of biometric technologies?

Risk Management

What additional guidance or direction can be provided to integrate digital identity risk with enterprise risk management?

...

How might risk analytics and fraud mitigation techniques be integrated into the selection of different identity assurance levels? How can we qualify or quantify their ability to mitigate overall identity risk?

Authentication and Lifecycle Management

Are emerging authentication models and techniques – such as FIDO passkey, Verifiable Credentials, and mobile driver’s licenses – sufficiently addressed and accommodated, as appropriate, by the guidelines? What are the potential associated security, privacy, and usability benefits and risks?

...

What impacts would the proposed biometric performance requirements for this volume have on real-world implementations of biometric technologies?

Federation and Assertions

What additional privacy considerations (e.g., revocation of consent, limitations of use) may be required to account for the use of identity and provisioning APIs that had not previously been discussed in the guidelines?

Is the updated text and introduction of “bound authenticators” sufficiently clear to allow for practical implementations of federation assurance level (FAL) 3 transactions? What complications or challenges are anticipated based on the updated guidance?

General

Is there an element of this guidance that you think is missing or could be expanded?

...