Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Remarks at Applying Measurement Science in the Identity Ecosystem Workshop

Thank you, Mike, and thanks to all of you for attending this important workshop.

As most of you know, NIST is part of the Department of Commerce. And our job is to help ensure that U.S. industry has the tools it needs to innovate and stay competitive in the global marketplace.

Continually improving measurement science is central to who we are and what we do. NIST measurement research spans an incredible diversity of fields—from manufacturing to forensics to medicine to cybersecurity—and almost everything in between.

The common thread, however, is to develop better metrics and agreed-upon standards so that new technologies can fairly compete with older ones. And by facilitating this process, NIST helps U.S. industry quickly know how well new and innovative products measure up, so they can be among the first to market them.

In today's fast-moving digital economy, this approach can be thought of as a three-step process: measure, innovate, lead.

In the context of online identity technologies, this means accurate measurement of how well identity proofing, authentication, and attribute systems actually work, so that you can make well-informed risk decisions.

We're grateful to have such a large and knowledgeable audience here today to help us make progress on this front. We're committed to building the strongest foundation for cybersecurity possible, but we can't succeed without your help and the help of other experts in the field.

We want what I assume all of you want: safe, reliable, and trusted online systems that grow the economy and protect individual and organizational privacy and intellectual property. The digital identity market is now maturing and innovating at a rate that demands a stronger measurement-based approach. Emerging technologies like those in mobile devices and biometric systems are poised to be game-changers in the way we think about identity and access management.

In the area of online credentials, President Obama's Executive Order 13681 called on federal agencies to use multi-factor authentication; for example, use of a specific password with a specific device such as a federal ID card or a cell phone.

This executive order also said that effective identity proofing processes should be consistent with NSTIC principles. For example, access to personal data should be limited to trusted ID providers, while ID proofing is strengthened to increase confidence that an online participant is who they say they are.

The order applies only to federal applications, but we believe that a healthy identity ecosystem also demands meeting these goals at state and local levels of government, and in the private sector as well.

With the growth of available solutions in the market, it's now time to improve the science behind identity assurance. We want to leverage those solutions for government, and to do that consistently and efficiently, it requires us to be able to measure those "proposed" solutions and assess their effectiveness.

Trusted approaches that measure strength in ID proofing and authentication—or confidence in attributes like fingerprints or voice samples—can help agencies and organizations weigh the benefits and risks of different market solutions that meet their needs.

This is where NIST can help. We have a 115-year history of advancing measurement science that we can apply to this latest challenge of identity and access management.

As part of this workshop, NIST has provided technical white papers that describe measurement issues in core areas of identity management, to initiate a conversation with this community.

What we'd love to see from you is feedback on these issues, as well as methodologies, best practices, metrics, data, and practical scenarios affecting your organizations—in both the government and the private sector.

Several of you and your companies have already put in considerable time and resources to ensure that we get the input we need. We wouldn't be here without that support. So, thank you.

As you continue your efforts today, I ask that you do your best to focus on outcomes that hold ourselves and others accountable. We have the opportunity to help create a trusted identity ecosystem that can save companies and consumers billions in lost resources and productivity.

Both the problem and the solutions are bigger than any of us alone can solve. But together, we can truly make an impact.

I'll look forward to hearing an update on your progress from Mike, and to a future where we can all conduct sensitive transactions online with greater ease and confidence.

Thank you.

Created January 20, 2016, Updated October 1, 2016