National Strategy for Trusted Identities in Cyberspace (NSTIC)
Helping individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity credentials to access online services in a manner that promotes confidence, privacy, choice and innovation.
Our friends at the National Cyber Security Alliance recently caught up with Mike Garcia, acting director of the NSTIC NPO, to jumpstart their new executive Q&A blog series! This interview will give you a glimpse into what the NSTIC NPO has accomplished in the last four years and what we’ve got planned in terms of catalyzing the marketplace in the future. Mike also talks about what the NPO is most proud of and how we’re changing things up a bit.
Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model.
It’s certainly too early to spike the ball, but yesterday the Identity Ecosystem Steering Group (IDESG) met another milestone by approving the initial set of baseline requirements for the Identity Ecosystem Framework (IDEF). These requirements are a critical element to building the IDEF—which the IDESG has been chartered to establish and govern. As identified in the NSTIC, successful establishment of the IDEF is a must-have in the ongoing successful development of online commerce, government efficiency, and effective and efficient communication among and between individuals, the private sector, and the public sector. The baseline requirements were developed by IDESG work committees to address minimum requirements for Identity Ecosystem participants in four key areas: privacy, security and resiliency, interoperability, and user experience. These areas align directly with the committee structure of the IDESG and with the Guiding Principles of the NSTIC.
Recently NIST joined the FIDO Alliance under its newly created government membership class. The FIDO Alliance was formed in July of 2012 and aims to bring easy-to-use, privacy-enhancing authentication devices to the consumer mass market. FIDO-based credentials are designed to provide an anonymous key without any publicly available serial number or central authority. The FIDO 1.0 specifications allow for strong, multifactor credentials, a major point of focus in the National Strategy for Trusted Identities in Cyberspace.