Federal agencies will need to find the balance between risks and user experience when developing and implementing digital identity systems, according to Ryan Galluzzo, digital identity lead for the Applied Cybersecurity Division at the National Institute of Standards and Technology.
In an interview, the government tech leader said agencies must look at various factors such as application context and rights, type of data, and who will be using the system, and on what devices.
“The whole point of the digital identity risk management process is to want to understand what is the application context you’re working in? What are the different users that you have? What kind of data are you accessing? What kind of rights do you have once they are in the application? Can they modify things, just view things, and what’s the potential impact?” Galluzzo asked.
NIST previously published Special Publication 800-63, which consists of four volumes to guide agencies on how they can manage risks with digital identity programs.
On Privilege Access
The U.S. government has adopted phishing-resistant multifactor authentication as part of its cybersecurity strategy. Agencies are also exploring access governance, such as attribute-based access control, or ABAC.
According to Galluzzo, ABAC enables system administrators to manage access based on user and transaction attributes. ABAC considers where the user is located, the time of day they are trying to access a system, what kind of device is being used and the type of network it is connected to and applies the appropriate policies.
The official added that his office is specifically looking at passkeys and Fast Identity Online, or FIDO, authentication and credentials used in mobile wallets. He commented that technologies that consolidate increased security and smoother user experience “show a lot of value and gain a lot of traction.”
Learn more about the innovative solutions that can provide security and strengthen resilience across the public sector at the Potomac Officers Club’s 2025 Cyber Summit on May 15. Register for the in-person event here.
Related Articles
The Senate on Thursday confirmed by voice vote Lt. Gen. Shawn Bratton as the U.S. Space Force’s vice chief of space operations. According to a congressional notice, Bratton, who was nominated to the role in mid-July, will also be promoted to the rank of general. With his confirmation, Bratton replaces Gen. Michael Guetlein, who was named program manager for the Trump administration’s Golden Dome missile defense shield initiative. The GovCon Golden Dome conversation will be in full force at the 2025 Navy Summit in the lunch panel: “Supporting the Shield: Navy’s Role in the Golden Dome Architecture.” This industry-focused panel
Katie Arrington, a previous Wash100 awardee who currently performs the duties of the Department of Defense’s chief information officer, has released a memorandum to help DOD better manage risks facing its information and communications technology supply chain. In the June 5 memo, Arrington said she called for an update of the Requirements for the Acquisition of Digital Capabilities Guidebook concurrent with the Software Fast-Track, or SWFT, initiative development timeline. DOD Software Fast-Track Initiative In April, the acting CIO directed the establishment of the SWFT initiative to advance DOD’s adoption of best practices to transform the way it acquires, tests, authorizes
The Senate voted on Saturday 50-45 to confirm Paige Hallen Hanson as the next U.S. Environmental Protection Agency new chief financial officer. In her role, Hanson will manage EPA’s almost $100 billion allocation and its financial and resource management systems, the agency said in a Monday press release. Commenting on her appointment, Hanson said she was grateful to lead the EPA’s financial operations. “From budgeting to payments, performance measures to financial technology, the work of this talented team enables the critical mission EPA plays in protecting human health and the environment,” she remarked. Who Is Paige Hallen Hanson? Before her