Just Released! New NIST mDL Security and Privacy Resources: Review and Provide Feedback Today
The NIST NCCoE is excited to announce and accept comments on three new draft publications under its Mobile Driver Licenses (mDL) Project. These releases include resources on mDL assurance, mDL data flows, and a privacy risk assessment.
What are mDLs?
Today, mDLs function much like a traditional driver's license—carrying information such as name, date of birth, and address—but in a digital format accessible through a mobile application, often referred to as a digital wallet. Compared to physical driver’s licenses, mDLs are based on public key cryptography and can be presented digitally during online transactions, offering the potential to improve both security and usability for people using online services.
To help realize the value of mDLs, the NCCoE is working with stakeholders from across the mDL ecosystem to build a reference implementation demonstrating real-world business use cases, integrating mDLs with commercially available technology and into business processes. It is releasing relevant security and privacy artifacts on an iterative basis as the project work continues.
New Resources to Support mDL Adoption by Financial Institutions
As part of its first mDL use case working with the financial sector, the NCCoE has released the following resources that can aid financial institutions with mDL implementations:
- Building Assurance in the mDL Ecosystem - This document highlights security and trust considerations related to the enrollment, issuance and presentation of mDLs and includes NIST 800-63-4 controls that can be applied to mDL issuance.
- mDL Interaction Diagrams - These diagrams correspond to our previously published wireframes videos and illustrate how data flows between different components when a user interacts with our simulated bank using their mDL.
- Privacy Risk Assessment Methodology (PRAM) - This tool is designed to help organizations assess and prioritize privacy risks associated with mDLs. It provides a tailored version of the NIST PRAM, a widely used methodology for managing privacy risk, based on the NCCoE mDL architecture.
How Can You Get Involved?
The NCCoE invites you to review these new resources and provide feedback. Your input will help shape the future of secure mDL development and implementation. To submit comments, please visit our project website and follow the instructions in the “Submit Comments” section.
NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: mdl-...@nist.gov
NCCoE Website questions: nc...@nist.gov