Three lessons to take away from the IRS breach
August 27, 2015
There is no silver bullet to prevent the kind of attack that exposed the tax records of more than 300,000 people, but there are lessons to be learned.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The National Institute of Standards and Technology released the second draft version of its updated security standard for identity credentials in personal identity verification cards, also known as PIV cards.
The document, Personal Identity Verification of Federal Employees and Contractors, is now open for public comment. Comments can be submitted by email to email@example.com and must be received by August 10, 2012.
The document is the next step towards updating Federal Information Processing Standard (FIPS) 201, published in February 2005.
"The original FIPS 201 indicates the standard should be reviewed after five years to see if changes need to be made," said NIST computer security researcher Hildegard Ferraiolo. "After implementing the standard, federal departments and agencies learned a number of lessons that, combined with technological changes over the years, made an update worthwhile."
Ferraiolo said improvements in the revised draft include: