On January 12-13, 2016, NIST will host a technical workshop, Applying Measurement Science in the Identity Ecosystem.
Participants will collaborate about ways to measure and compare the performance of solutions in the Identity Ecosystem, specifically:
- Strength of identity proofing, both remote and in-person;
- Strength of authentication with a focus on biometrics; and
- Attribute confidence to assist in effective authorization decision making.
This two-day event at the NIST campus in Gaithersburg, Maryland, will bring together leading security practitioners, solution providers, experts, and policy makers from across sectors. With the growth of available solutions in the market, the NPO believes it's now time to improve the science behind identity assurance—and that the agencies and industry will benefit from better tools to measure the performance of solutions.
NIST is shifting its focus to these issues at a vital time. Last October, President Obama's Executive Order 13681 called for multi-factor authentication and effective identity proofing processes in federal agencies' digital services that involve personal data. Emerging technologies, like those in mobile and biometrics, are poised to be game-changers in the way we think about identity and access management. Based on these innovations, the explosion of tools and techniques in the market, and the need to remain flexible in guidelines and standards, metrics are a critical element of well-informed risk decisions. By aligning risk tolerance with a measure of strength in proofing and authentication– or attribute confidence– agencies can determine exactly what market solutions best can meet their needs.
NIST has released a series of brief whitepapers addressing each of the primary focus areas for the workshop. With the whitepapers as a starting point, stakeholders will have an opportunity to provide critical feedback at this workshop and guide next steps—which will be critical inputs to federal guidance on each of these topics as well as international standards. To make these efforts meaningful, engagement is needed from a diverse array of stakeholders on how measurement science and risk practices can be aligned to help mitigate the cyber threats faced today.
Whitepapers can be found here.