The National Institute of Standards and Technology (NIST) released its recommendations for a new, privately led steering group to tackle the complex policy and technical issues necessary to create an online environment where individuals and organizations will be able to better trust one another. In a report released Feb. 7, 2012, NIST also announced its intent to issue a Federal Funding Opportunity for an organization to convene the steering group and provide it with initial secretarial, administrative and logistical support.
The report lays out a path for implementing the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative to bring together the private sector, advocacy groups, public-sector agencies and others to improve the privacy, security and convenience of online transactions.
"While NSTIC is a government initiative, the 'Identity Ecosystem' it envisions must be led by the private sector," said Jeremy Grant, NIST's senior executive advisor for identity management. "The recommendations we published today lay out a specific path to bring together all NSTIC stakeholders—including the private sector, advocacy groups, public-sector agencies and other organizations—to jointly create an online environment, the ecosystem, where individuals and organizations will be able to better trust one another, with minimized disclosure of personal information."
The new report contains several key recommendations, including:
- An Identity Ecosystem Steering Group should be established as a new organization that is led by the private sector in conjunction with, but independent of, the federal government.
- The group should be structured to safeguard protections for individual privacy and the underrepresented, through mechanisms such as a special privacy coordination committee and an appointed ombudsman.
- The group should be initially funded by the government through a competitive two-year grant to catalyze its formation and ensure there are no barriers to participation. After a period of initial government support, the steering group will need to establish a self-sustaining structure capable of allowing continued growth and operational independence.
The report also includes a recommended charter to help jumpstart the steering group's initial activities.
The NIST report was developed with significant input from the public. In June 2011, NIST published a Notice of Inquiry* to solicit feedback and examples from the public. More than 270 people participated in a workshop and 57 responses were received to the notice of inquiry from a wide variety of stakeholders, including private industry and consumer advocacy groups.
The report, "Recommendations for Establishing an Identity Ecosystem Governance Structure" can be found at http://www.nist.gov/nstic/2012-nstic-governance-recs.pdf.
NIST is planning a follow-on workshop on March 15, 2012, at the Department of Commerce in Washington, D.C., to convene stakeholders, review the findings of the report and kickoff NSTIC implementation activities in advance of the formal formation of the steering group later this spring.
Further information about this event and other upcoming NSTIC events will be available at: http://www.nist.gov/nstic.
A copy of the full text of the National Strategy for Trusted Identities in Cyberspace signed by President Obama in April 2011 is available at: http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf.