See my posting "Does NSTIC Help Prevent Identity Fraud" on the IDESG Discussion Forum http://bit.ly/139CYcC
- Reply
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Insights
a NIST blog
Three Hundred Million Reasons to Federate Identity: an IRS Case Study
Study indicates IRS net savings up to $305 million annually by adopting an improved identity management system. By adopting an NSTIC-aligned solution, the IRS could save up to $111 million up-front and $19 million annually relative to deploying a proprietary system.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions an “Identity Ecosystem” in which organizations and individuals may leverage trusted identities for access to services on the Internet. Shifting the paradigm of each organization deploying and maintaining its own stove-piped user account management system, organizations may instead deploy solutions that accept trusted credentials issued by 3rd parties, resulting in significant time and cost savings. A key component of the NSTIC mission is to advance this vision in U.S. government.
The U.S. government, like any large organization, is increasingly looking to deploy services online to both improve customer service and reduce costs. High risk or sensitive services require that government web sites verify the identity of the individual or organization accessing the service while ensuring the transaction remains private and is secure. Traditionally, this was achieved by deploying proprietary solutions on an agency-by-agency basis, with a predictable duplication of effort across government at significant additional cost to the taxpayer.
To develop a better understanding of how the NSTIC approach can improve government efficiency and ease-of-use, NIST, in partnership with the Internal Revenue Service (IRS), commissioned a study to estimate the benefits and costs of a deploying a proprietary identity management system and an NSTIC-aligned system within the IRS and compare those benefits and costs to current operations. Even without considering any reduction in fraud from improved authentication of taxpayers, the adoption of improved online identity management would result in a net benefit of $74 million to $305 million annually, relative to continuing current operations. Savings would move to the higher end of the range as taxpayer adoption increased.
When compared with a proprietary solution, the up-front costs would be $40 million to $111 million lower if the IRS decides to adopt NSTIC-aligned 3rd party credentials. Annual costs would be $2 million to $19 million lower, and annual benefits would be one-half million to 1.9 million higher, respectively.
The additional savings of an NSTIC-aligned solution result primarily from eliminating the need for the IRS to pay to identity proof all users individually. Under an NSTIC-aligned authentication system, the IRS could instead accept third-party trusted credentials already strengthened by identity proofing. These third-parties would be able to spread out the identity proofing costs across many relying parties at which the credential would be accepted.
For the IRS, this study presents a real opportunity to reduce service-related costs (like the $1 billion the IRS spent in 2012 communicating with taxpayers on paper and by telephone) if many of the services provided by the IRS shift online and more citizens use existing online services.
For other agencies, the potential for significant cost savings through service improvements is just as real. The value of the NSTIC to the IRS and many other agencies is that it would enable more transactions online that are currently being performed through more costly and inefficient means of interaction.
If one imagines the multiplying effect of all Federal agencies accepting trusted third party credentials rather than deploying proprietary schemes - as envisioned by the proposed Federal Cloud Credential Exchange (FCCX), another NSTIC-inspired initiative –the potential for even greater government cost savings becomes clear.
Many companies and other entities are already reaping the benefits of deploying federated identity systems. Many have joined the Identity Ecosystem Steering Group (IDESG) to create a framework to enable large-scale adoption, multiplying these benefits. The U.S. government believes this privately-led IDESG can drive the realization of the NSTIC vision across both government and the private sector, with the benefits enjoyed by all participating organizations. Moreover, the individual user will reap the greatest benefit by enjoying greater convenience, enhanced privacy, and improved security.
For the full IRS study, please click here.