Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Fourth and goal: closing in on the Identity Ecosystem Framework

It’s certainly too early to spike the ball, but yesterday the Identity Ecosystem Steering Group (IDESG) met another milestone by approving the initial set of baseline requirements for the Identity Ecosystem Framework (IDEF). These requirements are a critical element to building the IDEF—which the IDESG has been chartered to establish and govern. As identified in the NSTIC, successful establishment of the IDEF is a must-have in the ongoing successful development of online commerce, government efficiency, and effective and efficient communication among and between individuals, the private sector, and the public sector. The baseline requirements were developed by IDESG work committees to address minimum requirements for Identity Ecosystem participants in four key areas: privacy, security and resiliency, interoperability, and user experience. These areas align directly with the committee structure of the IDESG and with the Guiding Principles of the NSTIC. The requirements will serve as the basis for the IDESG’s Self-Assessment Program—which is targeted to be operational later this year. Under this scheme, identity service providers and relying parties will be able to self-assess their own policies, procedures, and operations to the baseline requirements and attest to conformance to them. The IDESG will offer a public listing service for those organizations that self-assess and determine conformance to the baseline requirements. The functional model, requirements, Trustmark program scope, and scoping statement will comprise the initial version of the IDEF as envisioned in the strategic plan. The IDESG Privacy, Security, Standards, and User Experience Committees, along with the IDESG Framework Management Office, have been working hard to develop the baseline requirements since last year. The Self-Assessment Program is intended to enable those service providers to apply the requirements to their own operations to determine where they meet the requirements—and to identify areas that may need some focused attention in order to conform to the baseline in the future. It’s important to note that the baseline requirements are currently in the form of a set of requirement statements; the IDESG working committees are currently developing supplemental information for each of the requirement statements to further clarify and explain the requirements (and how they can be met at this stage). The supplemental information is intended to help explain the requirements to all audiences, but, in particular, is intended to help guide those organizations that intend to perform self-assessments against the requirements later this year. This supplemental information will be part of IDEF v1 release later this year. The next IDESG plenary will take place at the Tampa, Florida, on September 24 and 25—co-located with the Global Identity Summit. The IDESG looks to complete the remaining aspects of IDEF v1—supplemental guidance, scoping statement, and self-attestation and listing service—in time for approval at this upcoming plenary. Kudos to the IDESG for accomplishing this major milestone, and we are looking forward to advancing further downfield this summer and getting IDEF v1 into the end zone. Follow the NSTIC NPO on Twitter for the latest updates.


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.