The National Institute of Standards and Technology has published a supplement to an existing NIST Special Publication to provide interim guidance for agencies that intend to use syncable authenticators in public-facing and enterprise-facing use cases.
NIST said Tuesday the document is the first supplement to its SP 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management.
According to the supplement, syncable authenticators are cryptographic authenticators or FIDO passkeys that use multiple protocols and standards and allow for the private key to be cloned and stored separate of the authenticator to back use of the key across devices.
“When implemented correctly, they provide a phishing-resistant authenticator with many benefits, such as simplified recovery, cross device support, and consumer friendly platform authentication support (for example, native biometrics),” the document states.
NIST said the supplement provides agencies direction on how to use syncable authenticators in support of the federal zero trust strategy.
The agency will accept feedback on syncable authenticators and the supplement’s content during the second round of public comments for Revision 4 of the guidelines, which will open later in 2024.
Register here to attend the Potomac Officers Club’s 2024 Cyber Summit on June 6 and listen to experts and industry and government leaders as they talk about the role of cyber in the public sector.