The Administration's National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions an online environment—the "Identity Ecosystem"—that improves on the use of passwords and usernames and allows individuals and organizations to better trust one another, with minimized disclosure of personal information.
The Identity Ecosystem is a user-centric online environment, a set of technologies, policies, and agreed- upon standards, that securely supports transactions ranging from anonymous to fully authenticated and from low to high value. It would include a vibrant marketplace that allows people to choose among multiple identity providers—both private and public—that would issue trusted credentials that prove identity. Key attributes of the Identity Ecosystem include privacy, convenience, efficiency, ease-of-use, security, confidence, innovation, and choice.
Creating this Identity Ecosystem will require input from the private sector, advocacy groups, public-sector agencies and others.
Proposed NIST Program
The request continues and expands existing efforts led by the National Program Office (NPO) located at NIST to coordinate federal activities needed to implement NSTIC.
Specifically, the FY 2013 request funds for competitively selected pilot project grants that will enable the private sector to work with state, local, and regional governments to improve acceptance of Identity Ecosystem components.
The selected NSTIC pilot programs will demonstrate innovative frameworks that can provide a foundation for more trusted online transactions and tackle barriers that have, to date, impeded the Identity Ecosystem from being fully realized.
Benefits expected include:
- the emergence of privacy-enhancing, trusted authentication solutions provided by the private sector that increase productivity and innovation while reducing losses for businesses and better protect individuals from cybercrime;
- improved privacy and protection of data by demonstrating mechanisms that enable a user to authorize the secondary use or disclosure of personally identifiable information or limit collection of transactional information;
- improved security and interoperability of credentials through the use or creation of technology solutions based on private sector offerings that align with the goals and objectives of the strategy;
- improved the resilience of data breach recovery through the use of digital credentials that are created through known and trusted processes used by the Identity Ecosystem; and
- a self-sustaining, private-sector-led Identity Ecosystem (by 2015) that brings together all stakeholders—the private sector, advocacy groups, and public-sector agencies—to address authentication challenges and allow continued expansion of the nation's online economy.