The National Institute of Standards and Technology released NISTIR 8344 because current authentication models appear to be headed into crisis with the difficulties of passwords, the need for derived credentials, and the uncertainty of quantum processing, mobile platforms, and the complexity and increasing number of devices in the internet of things realm. NIST officials said the establishment of an ontology of authentication can better manage the requirements placed upon both systems and users. The new draft, NISTIR 8344, includes a survey of authentication mechanisms, establishing the need and basis for authentication metrology, as well as key factors in determining strength and management requirements when assessing an authentication system in a given environment.
Issuance of NISTIR 8344 is the culmination of an effort to define authentication by examining mechanisms used to prove position or membership; analyzing existing methods, tools, and techniques; and developing an abstract representation of authentication features and services, according to a NIST release. Basic mechanisms used to accomplish authentication are identified and discussed in general terms. While most authentication mechanisms utilize cryptography, specific implementations of the cryptography are left to standards that address the authentication mechanism and are not included in this document, NIST advised.
Publication:
NISTIR 8344 (Draft) (DOI)
NIST Download
Date Published: February 2021
Comments Due: April 9, 2021
Email Comments to: NISTIR-8344-comments@nist.gov