The new NIST 800-63-3 Digital Identity Guidelines and FAIR were “made for each other”, writes Chip Block, VP at Evolver, Inc. (the operator of large-scale security operations centers for government and business), in an article just published on The Security Ledger website. The guidelines establish levels of security based on risk, and FAIR sets monetary values for the risk, enabling organizations to prioritize spending.
Block runs through a case study to make the point. An organization that hasn’t updated security in years faces two choices:
And the board asks: “How much more secure will we be after spending the money?”
Block (who leads the Washington, DC, chapter of the FAIR Institute) shows how a FAIR analysis reveals that the organization’s strongest concentration of risk is around five asset areas. FAIR then answers, in financial terms, the questions in the NIST risk rating system, guiding the organization to a sophisticated, varied approach to identity authentication for different assets.
Read a more extensive version of Block’s article on NIST Digital Identity Guidelines and FAIR on the Evolver website.