{"id":31996,"date":"2020-11-10T12:44:43","date_gmt":"2020-11-10T17:44:43","guid":{"rendered":"https:\/\/fidodev.wpengine.com\/?page_id=31996"},"modified":"2025-05-21T10:19:15","modified_gmt":"2025-05-21T14:19:15","slug":"fido-alliance-policy-documents","status":"publish","type":"page","link":"https:\/\/fidoalliance.org\/fido-alliance-policy-documents\/","title":{"rendered":"FIDO Alliance Public Policy Submissions"},"content":{"rendered":"\n

FIDO Alliance Input to Reserve Bank of India (RBI)<\/a> (December 2024): In this input document, the FIDO Alliance comments to Reserve Bank of India (RBI): Draft Framework for Comments on Alternative Authentication Mechanisms for Digital Payment Transactions.<\/p>\n\n\n\n

FIDO Alliance Input to ENISA<\/a> (December 2024): In this input document, the FIDO Alliance comments to ENISA: Draft Implementing Guidance for NIS2 Security Measures.<\/p>\n\n\n\n

FIDO Alliance Input to NIST (October 2024) and Comment Template<\/a>: In this input document, the FIDO Alliance comments to NIST \u2013 SP 800-63-4 Suite (Second Public Draft).<\/p>\n\n\n\n

FIDO Alliance Input to European Commission<\/a> (September 2024): In this input document, the FIDO Alliance comments to the European Commission: Draft Implementing Act \u2013 European Digital Identity Wallets: Integrity and Core Functionalities.<\/p>\n\n\n\n

FIDO Alliance Input to European Commission<\/a> (July 2024): In this input document, the FIDO Alliance comments to the European Commission: NIS2 Directive Draft Requirements.<\/p>\n\n\n\n

FIDO Alliance Input to METI<\/a> (April 2024): In this input document, the FIDO Alliance comments to Ministry of Economy, Trade and Industry (METI): IoT Product Security Conformity Assessment Scheme Policy Draft.<\/p>\n\n\n\n

FIDO Alliance Input to BRSA<\/a> (January 2024): In this input document, the FIDO Alliance comments to Turkish Banking Regulation and Supervision Agency\u2019s (BRSA) Circular 2023\/1.<\/p>\n\n\n\n

FIDO Alliance Input to NIST<\/a> (January 2024): In this input document, the FIDO Alliance comments to NIST SP 800-171r3: Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.<\/p>\n\n\n\n

FIDO Alliance Input to the USG Proposed FAR Clauses for Contractors<\/a> (November 2023): In this input document, the FIDO Alliance comments to FAR Case 2021\u2013019: Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems.<\/p>\n\n\n\n

FIDO Alliance Input to the New York Department of Financial Services (DFS)<\/a> (August 2023):
In this input document, the FIDO Alliance comments to DFS \u2013 Revised Proposed 2nd Amendment to Regulation 23 NYCRR 500 \u2013Cybersecurity Requirements for Financial Services Companies.<\/p>\n\n\n\n

FIDO Alliance Input to NIST<\/a> (June 2023):
In this input document, the FIDO Alliance comments to NIST \u2013 Identity and Access Management Roadmap (Draft).<\/p>\n\n\n\n

FIDO Alliance Input to NIST<\/a> (April 2023) and Comment Template<\/a>:
In this input document, the FIDO Alliance comments to NIST \u2013 SP 800-63-4 Digital Identity Guidelines (Draft).<\/p>\n\n\n\n

FIDO Alliance Input to CFPB<\/a> (January 2023):
In this input document, the FIDO Alliance comments to the CFPB \u2013 Small Business Advisory Review Panel on Required Rulemaking on Personal Financial Date Rights.<\/p>\n\n\n\n

FIDO Alliance Input to DFS<\/a> (January 2023):
In this input document, the FIDO Alliance comments to the DFS \u2013 Proposed Cybersecurity Requirements for Financial Services Companies \u2013 23 NYCRR Part 500.<\/p>\n\n\n\n

FIDO Alliance Input to DFS<\/a> (August 2022):
In this input document, the FIDO Alliance comments to the DFS \u2013 Proposed Cybersecurity Requirements for Financial Services Companies.<\/p>\n\n\n\n

FIDO Alliance Input to SEC<\/a> (April 2022):
In this input document, the FIDO Alliance comments to the SEC – Proposed Cybersecurity Risk Management Rules for Investment Advisers, Registered Investment Companies, and Business Development Companies. <\/p>\n\n\n\n

FIDO Alliance Input to FCC<\/a> (November 2021):
In this input document, the FIDO Alliance comments to the FCC – NPRM on Rules to Prevent SIM Swapping and Port-Out Fraud. <\/p>\n\n\n\n

FIDO Alliance Input to NIST<\/a> (October 2021):
In this input document, the FIDO Alliance comments on NIST’s Consumer Labeling for IoT Devices. <\/p>\n\n\n\n

FIDO Alliance Input to the European Commission<\/a> (October 2021):
In this input document, the FIDO Alliance comments on the European Commission \u2013 using FIDO Standards in eIDAS 2.0. <\/p>\n\n\n\n

FIDO Alliance Input to CISA<\/a> (October 2021):
In this input document, the FIDO Alliance comments on the Draft Zero Trust Maturity Model and Cloud Security Technical Reference Architecture. <\/p>\n\n\n\n

FIDO Alliance Input to OMB<\/a> (September 2021):
In this input document, the FIDO Alliance comments on the Draft Federal Zero Trust Strategy published by the White House Office of Management and Budget (OMB). <\/p>\n\n\n\n

FIDO Alliance Input to NIST<\/a> (February 2021):
In this input document, the FIDO Alliance comments on NIST\u2019s Draft Guidance for Federal Agencies and IoT Device Manufacturers. <\/p>\n\n\n\n

FIDO Alliance Input to the Consumer Financial Protection Bureau<\/a> (February 2021):
In this input document, the FIDO Alliance comments to the Consumer Financial Protection Bureau (CFPB) on Consumer Access to Financial Records. <\/p>\n\n\n\n

FIDO Alliance Input to NIST<\/a> (October 2020):
In this input document, the FIDO Alliance comments on the NIST\u2019s draft on Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management.<\/p>\n\n\n\n

FIDO Alliance Input to the European Commission<\/a> (September 2020):
In this input document, the FIDO Alliance comments on the European Commission\u2019s (EC) Inception Impact Assessment regarding the future of eIDAS. FIDO Alliance comments in four areas for the EC’s consideration: 1. With regard to authentication \u2013 the EC should ensure that any LOA High solutions require high assurance authentication. 2. Extension of eIDAS to the private sector under Option 2 would be well-received by many companies. 3. All Europeans could benefit by creating new options for creating digital versions of physical identity documents. 4. Mutual recognition and re-use of pre-approved ID products. <\/p>\n\n\n\n

FIDO Alliance Input to the National Institute of Standards and Technology (NIST)<\/a> (August 2020):
In this input document, the FIDO Alliance comments on NIST’s Pre-Draft Call for Comments on Digital Identity Guidelines. FIDO Alliance offers comments in three areas for the NIST’s consideration: 1. Recognize changes in both threat and technology since the publication of SP 800-63-3. 2. AAL3 \u2013 explore new paths. 3. Reference to FIDO standards.<\/p>\n\n\n\n

FIDO Alliance Input to the Drug Enforcement Administration (DEA)<\/a> (June 2020):
In this input document, the FIDO Alliance comments on Docket No. DEA-218I, the Drug Enforcement Administration\u2019s (DEA) Request for Comments on the Interim Final Rule for Electronic Prescriptions for Controlled Substances (EPCS). FIDO Alliance comments in four parts and are largely focused on the portions of the request for comment that focus on authentication requirements in the interim final rule: 1. Observations on current regulations and how technology has evolved over the last ten years. 2. An introduction to FIDO Authentication and FIDO Alliance certification programs. 3. Answers to specific DEA questions from the Request for Comments. 4. Suggestions on ways DEA can ensure revised EPCS regulations stay current as technology and threat evolve.<\/p>\n\n\n\n

How FIDO Standards Meet PSD2\u2019s Regulatory Technical Standards Requirements On Strong Customer Authentication<\/a> (December 2018):
This document provides a detailed review of the security requirements listed in the Regulatory Technical Standards For Strong Customer Authentication and Common and Secure Open Standards Of Communication under PSD2 (the RTS) and describes how the FIDO standards meet such requirements.  <\/p>\n\n\n\n

FAQ on FIDO relevance for the GDPR <\/a> (September 2018):
This document provides answers to questions on authentication, user consent, use of biometrics\u2026in the context of the European General Data Protection Regulation. It shows how FIDO authentication can help service providers comply with the regulation.<\/p>\n\n\n\n

FIDO Alliance Letter Regarding Payment Services Directive 2<\/a> (August 2017):
FIDO Alliance’s letter to European Commission and European Parliament on whether screen scraping should be allowed as a fallback option under PSD2<\/p>\n\n\n\n

FIDO Alliance Input to the National Institute of Standards and Technology (NIST): Request for Information (RFI) on the Framework for Improving Critical Infrastructure Cybersecurity<\/a> (April 2017):
In its input to NIST on the proposed changes to the Cybersecurity Framework, the FIDO Alliance recommends that NIST clarify their language and explicitly require MFA in the next update to the Framework. The Alliance urges NIST to add a new \u201cauthentication\u201d sub-category to the Framework core with the recommendation that: “authentication of authorized users is protected by multiple factors.” Explicitly addressing MFA with this language is necessary to help government and industry address growing risks caused by weak authentication, and should be part of any proper update of the Framework.<\/p>\n\n\n\n

Response to the European Banking Authority (EBA) Discussion Paper on Future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under the Revised Payment Services Directive (PSD2)<\/a>
In this response to the EBA, the FIDO Alliance details how FIDO-compliant implementations that follow security best practices are ideal examples of what the EBA regulations for \u201cstrong customer authentication\u201d under PSD2 are striving to foster: simpler, stronger authentication capabilities that merchants and consumers will adopt at scale. The response also describes how the EBA\u2019s acceptance of FIDO\u2019s public key cryptographic architecture, especially when combined with on-device biometrics, will reduce the vulnerability surface of their payment service providers \u2014 and presumably also reduce online fraud rates as a result \u2014 and accelerate overall online payment volume through reduced friction in the user experience.<\/p>\n\n\n\n

Input to the Commission on Enhancing National Cybersecurity
In this input document, the FIDO Alliance makes three recommendations to the U.S. government for addressing cyberthreats: 1. Make it a national priority to replace passwords and other \u201cshared secret\u201d authentication approaches with more secure solutions. 2. Promote the use of new authentication standards such as FIDO as a best practice for authentication and 3. Accelerate the adoption of strong authentication through actions that will help create demand for these solutions.<\/p>\n\n\n\n

FIDO Privacy: FIDO Alliance White Paper<\/a>
This white paper describes how privacy has been taken into account in the design of the FIDO protocols, and how they can help meet privacy requirements from certain regulatory authorities.<\/p>\n","protected":false},"excerpt":{"rendered":"

FIDO Alliance Input to Reserve Bank of India (RBI) (December 2024): In this input document, the FIDO Alliance comments to Reserve Bank of India (RBI): Draft Framework for Comments on Alternative […]<\/p>\n","protected":false},"author":59250,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"_EventAllDay":false,"_EventTimezone":"","_EventStartDate":"","_EventEndDate":"","_EventStartDateUTC":"","_EventEndDateUTC":"","_EventShowMap":false,"_EventShowMapLink":false,"_EventURL":"","_EventCost":"","_EventCostDescription":"","_EventCurrencySymbol":"","_EventCurrencyCode":"","_EventCurrencyPosition":"","_EventDateTimeSeparator":"","_EventTimeRangeSeparator":"","_EventOrganizerID":[],"_EventVenueID":[],"_OrganizerEmail":"","_OrganizerPhone":"","_OrganizerWebsite":"","_VenueAddress":"","_VenueCity":"","_VenueCountry":"","_VenueProvince":"","_VenueState":"","_VenueZip":"","_VenuePhone":"","_VenueURL":"","_VenueStateProvince":"","_VenueLat":"","_VenueLng":"","_VenueShowMap":false,"_VenueShowMapLink":false,"footnotes":""},"content-type":[],"class_list":["post-31996","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/pages\/31996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/users\/59250"}],"replies":[{"embeddable":true,"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/comments?post=31996"}],"version-history":[{"count":0,"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/pages\/31996\/revisions"}],"wp:attachment":[{"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/media?parent=31996"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/fidoalliance.org\/wp-json\/wp\/v2\/content-type?post=31996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}