The National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) invite you to a live webinar introducing the initial draft of Interagency Report 8587, "Protecting Tokens and Assertions from Forgery, Theft, and Misuse." Due to high demand, the webinar will also be hosted via LinkedIn livestream: Cybersecurity and Infrastructure Security Agency: Posts | LinkedIn. For those already registered, please plan to enter the webinar here: Microsoft Virtual Events Powered by Teams.
During this session, CISA and NIST will walk through the report’s implementation guidance to help federal agencies and cloud service providers (CSPs) protect identity tokens and assertions from forgery, theft, and misuse.
Report authors will familiarize the audience with the subject matter to encourage written feedback during the public comment period. Please submit comments and feedback by January 30, 2026, via email at iam@list.nist.gov.
What is included in this report?
Building on updates to NIST SP 800-53, the report outlines principles for cloud service providers (CSPs) and consuming agencies, details architectural considerations for identity providers and authorization servers, and recommends enhancements to key management, token verification, and lifecycle controls. The report also addresses threats demonstrated in recent high-profile attacks, emphasizes the importance of secure and configurable cloud services, and provides technical recommendations to safeguard single sign-on, federation, and application programming interface (API) access scenarios.
More Info Here: https://www.cisa.gov/news-events/events/public-webinar-nist-ir-8587-protecting-tokens-and-assertions-forgery-theft-and-misuse