this post was submitted on 26 Sep 2024
546 points (99.3% liked)

Technology

58970 readers
5357 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Here is the text of the NIST sp800-63b Digital Identity Guidelines.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 85 points 1 month ago* (last edited 1 month ago) (3 children)

the document is nearly impossible to read all the way through and just as hard to understand fully

It is a boring document but it not impossible to read through, nor understand. The is what compliances officer do. I have a (useless) cybersecurity degree and reading NIST publications is part of my lecture.

[–] [email protected] 28 points 1 month ago (2 children)

My career as a sysadmin consistently has me veering toward security and compliance and my brain is absolutely fried on trying to figure out what these huge docs actually mean, how they apply to the things I'm responsible for and what we're supposed to do about it.

Props to all the folks that can do it without losing their mind.

[–] [email protected] 10 points 1 month ago* (last edited 1 month ago)

You need to first understand the grand structure of the doc, then cherry pick the content to action points. At least that's how I do it.

[–] [email protected] 6 points 1 month ago (1 children)

You break it down into chunks and delegate. They're not expecting any one person to implement the whole thing.

[–] [email protected] 1 points 1 month ago

They’re not expecting any one person to implement the whole thing.

Hahaha, tell that to leadership! 😩

[–] [email protected] 6 points 1 month ago (1 children)

Useless??? Ever since the pandemic and the need for a robust remote work infrastructure, the amount of cybersecurity related job offers has exploded. And they're very well paid where I live.

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago)

The knowledge and skill are useful, but I can't say the same for the degree

[–] [email protected] 1 points 1 month ago (1 children)

It sets both the technical requirements and recommended best practices for determining the validity of methods used to authenticate digital identities online. Organizations that interact with the federal government online are required to be in compliance

My argument is that if this document (and others) are requirements for companies shouldn't there also be a more approachable document for people to use?

Sure, have the jargon filled document that those in the know can access, but without an additional not so jargon-y document you've just added a barrier to change. Maybe just an abstract of the rule changes on the front page without the jargon?

I don't know, maybe it's not a big deal to compliance officers but just seems to me (someone that isn't a compliance officer) that obfuscating the required changes behind jargon and acronyms is going to slow adoption of the changes.

[–] [email protected] 4 points 1 month ago

It needs to be specific to be clear for its purposes. You can express everything in simpler terms but then you risk leaving things out of definitions. It's basically legal speak.

Normally, you'd read the scope of such a document to see whether it fits your purpose, then cherry-pick the chapters necessary. If something's unclear, you can google pretty much everything.

Doing that a few times will make it infinitely easier! You especially get to understand those broad, inaccessible definitions a lot easier.