Blog

According to question responses from the Government posted in late July, the Government anticipates including the NIST Special Publication 800-63 series as reference documents and aims to require Authenticator Assurance Level 3 (AAL3) which provides “very high confidence” in the authenticator and the user’s control of the authenticator, resulting in a very high bar for digitial identity verification. We welcome this change because current ID card checks are vulnerable in that any impostor with another person’s ID card or a copy of the card is likely to gain access without improved identity verification. Moreover, alternative approaches to an express lane that depend on a biometric sensor at the gate are vulnerable to presentation attack and have other problems identified in SP 800-63B such that they are not encouraged by NIST.