We may have spent more than a year working with you to update major federal guidance – we’re looking at you, Special Publication (SP) 800-63 – but our work is far from complete. Now we're on to the hard part: supporting agencies as they implement the new SP 800-63 and driving towards global alignment of digital identity standards. Next week at the IDESG Plenary and the Federal Identity Forum, both at the convention center in Washington, D.C., we have a lot in store for NIST and our Trusted Identities Group (TIG) team this week.
What are we up to?
We are kicking the week off on September 11th with the Identity Ecosystem Steering Group (IDESG) Plenary. The plenary will start with an introduction to the new board of directors, an overview of the new business plan, and development of the upcoming year’s work agenda. In the morning, I'll provide some remarks on the state of the identity ecosystem. In an afternoon panel, representatives from three TIG pilots will showcase their projects and answer questions: Daon, a graduate of the pilots program, ID.me, a current grant recipient running two different programs, and Hydrant ID, one of our newer pilots moving toward production.
After finishing up the plenary agenda, the IDESG will be hosting a reception featuring tech demonstrations from a number of IDESG members.
We are also participating in the Federal Identity Summit 2017 (FedID), formerly the Global Identity Summit, which relocated to D.C. Be sure to stop by the NIST booth at the FedID Expo to learn more about NIST’s cybersecurity programs!
At FedID, the TIG team will be participating in several panels and sessions:
Wednesday, September 13th:
- 10:00 AM: I will lead a track on the future of U.S. government identity standards. The White House Office of Management and Budget will discuss its IT modernization approach and forthcoming digital identity policy, and the U.S. Defense Department will talk about how they are implementing the latest edition of SP 800-63.
- 11:00 AM: Jamie Danker from the Department of Homeland Security and Naomi will hold their session, “Practical Application of Privacy & Civil Liberties.” Attendees will get the scoop on the privacy requirements integrated throughout NIST SP 800-63. With this added privacy guidance, NIST aims to help implementers and privacy programs collaborate on privacy risk management while developing secure digital identity solutions. This session will also cover tools available to aid organizations in conducting privacy risk assessments and share use cases that demonstrate these tools in practice.
- 3:15 PM: Paul Grassi, NIST’s Senior Standards and Technology Advisor, will then take the stage for a panel on identity standards. During “A Survey of Identity Standards,” panelists will review the many identity standards comprising the infrastructure enabling trusted transactions online. This panel will provide an overview of the building blocks of identity standards, the role they play in creating a trusted identity ecosystem, and a practical application for putting them all together.
- 4:15 PM: Session on NIST’s international standards alignment efforts: “Going global: How standardizing standards can encourage markets globally.” The GOV.UK Verify Program, Government of Canada, and TIG have been collaborating to compare their national frameworks for identity assurance to create a broad and competitive global market for identity solutions and enable cross-border interoperability of credentials. This session will detail how the three groups are working together on identity standards.
September 14th FedID festivities:
- 11:00 AM: I will be back on stage leading a discussion on “The economics of high-assurance digital identities.” The Federal Government spends a lot of money on high assurance digital identities, given that every employee at each agency undergoes extensive identity vetting to receive a credential for accessing secure networks. On the constituent side of the equation, it’s a bit more complicated, as we need to ensure delivery of services and benefits to individuals we often never see in person. The session will look at some of the changes that 800-63B makes to existing password guidance that will hopefully make it easier for consumers.
- 2:25 PM: I’m back at it again on a panel called “un-phishable" authentication at the U.S. Department of Veterans Affairs. You’ll hear about the importance of multi-factor authentication in a well-rounded identity program.
We are looking forward to sharing our successes, learning from you, and seeing you next week.