fbpx
Wikipedia

National Strategy for Trusted Identities in Cyberspace

January 01, 1970

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a US government initiative announced in April 2011 to improve the privacy, security and convenience of sensitive online transactions through collaborative efforts with the private sector, advocacy groups, government agencies, and other organizations.[1]

The strategy imagined an online environment where individuals and organizations can trust each other because they identify and authenticate their digital identities and the digital identities of organizations and devices.[2] It was promoted to offer, but not mandate, stronger identification and authentication while protecting privacy by limiting the amount of information that individuals must disclose.[3]

Description edit

The strategy was developed with input from private sector lobbyists, including organizations representing 18 business groups, 70 nonprofit and federal advisory groups, and comments and dialogue from the public.

The strategy had four guiding principles:[4]

  1. privacy-enhancing and voluntary
  2. secure and resilient
  3. interoperable
  4. cost-effective and easy to use.

The NSTIC described a vision compared to an ecosystem where individuals, businesses, and other organizations enjoy greater trust and security as they conduct sensitive transactions online. Technologies, policies, and agreed upon standards would securely support transactions ranging from anonymous to fully authenticated and from low to high value in such an imagined world. Implementation included three initiatives:

  • The Identity Ecosystem Steering Group (IDESG), the private sector-led organization developing the Identity Ecosystem Framework;[5]
  • Funding pilot projects that NSTIC said embrace and advance guiding principles;[6] and
  • The Federal Cloud Credential Exchange (FCCX),[7] the U.S. federal government service for government agencies to accept third-party issued credentials approved under the FICAM scheme.

NSTIC was announced during the Presidency of Barack Obama near the end of his first term on April 15, 2011.[1] A magazine article said individuals might validate their identities securely for sensitive transactions (such as banking or viewing health records) and let them stay anonymous when they are not (such as blogging or surfing the Web).[8]

In January 2011, the U.S. Department of Commerce had established a National Program Office (NPO), led by the National Institute of Standards and Technology, to help implement NSTIC.[9] To coordinate implementation activities of federal agencies, the NPO works with the White House Cybersecurity Coordinator, originally Howard Schmidt,[3] and then after 2012 Michael Daniel.[10]

Steering group edit

The NSTIC called a steering group led by the private sector to administer the development and adoption of its framework. This Identity Ecosystem Steering Group (IDESG) held a meeting in Chicago August 15–16, 2012.[11] The meeting brought together 195 members in person and 315 members remotely. Additional plenary meetings were in Phoenix, Arizona,[12] Santa Clara, California[13] and Boston, Massachusetts. Under a grant from 2012 through 2014, Trusted Federal Systems, Inc. was the group's administrative body.[14]

Pilots edit

The federal government initiated and supported pilot programs. In 2012, NSTIC awarded $9 million to pilot projects in the first year. For example, the American Association of Motor Vehicle Administrators was developing a demonstration of commercial identity provider credentials by the Virginia state government, including securely verifying identities online with the Virginia Department of Motor Vehicles.[15] The Internet2 received about $1.8 million for research.[15] ID.me was given a two-year grant in 2013.[16]

Further work funded by NIST is on their Trusted Identities Group Web Page.[17]

Federal Cloud Credential Exchange edit

The NSTIC called for U.S. federal government agencies to be early adopters of the Identity Ecosystem envisioned in NSTIC.[7] Agencies struggled to implement it for services they provide internally and externally. Technical, policy and cost barriers made it challenging to accept third-party credential providers accredited by the Federal Identity, Credential, and Access Management (FICAM) initiative.[18]

In response, the White House created a Federal Cloud Credential Exchange (FCCX) team, co-chaired by NSTIC and the General Services Administration. The team consisted of representatives from agencies whose applications are accessed by a large population of external customers. In November 2012, the United States Postal Service was chosen to manage a pilot version of the FCCX, and awarded the contract to build it to SecureKey Technologies, a member of FIDO Alliance. That contract was renewed in May 2015.[19][20]

Connect.gov edit

Connect.gov was launched in December 2014, the manifestation of this pilot. The first two companies to provide individual US citizens Identity Management services compatible with Connect.gov, were ID.me and Verizon.[21] Ping Identity and Forgerock were the first software platforms to provide FICAM-compliant credentials, and enable private sector organizations to connect securely to government agencies, a primary objective of this project.[22][23]

Login.gov edit

Main article: Login.gov

On May 10, 2016, 18F announced in a blog entry that Connect.gov would be replaced.[24][25] The replacement system would be called Login.gov,[26] and launched in April 2017.[27]

Identity Ecosystem Steering Group edit

The Identity Ecosystem Steering Group (IDESG) received start up funding from NIST in 2010 and has since created a series of documents that is available on their website.[28] In 2016, they introduced the Identity Ecosystem Framework (IDEF) Registry[29] for self-assessment.

Criticism edit

The proposal generated criticism since it was released in draft form in June 2010.[3][30] Much centered around privacy implications of the proposal.

Shortly after the draft's release, the Electronic Privacy Information Center (EPIC), with other consumer-rights and civil liberties organizations, sent the committee a statement in response to the draft NSTIC policy, requesting a clearer and more complete plan to create and safeguard Internet users' rights and privacy.[31] While EPIC head, Marc Rotenberg, called NSTIC "historic," he also cautioned that "...online identity is a complex problem and the risk of 'cyber-identity theft' with consolidated identity systems is very real. The US will need to do more to protect online privacy."[32]

NSTIC addressed some early privacy concerns through its 2013 fair information practice principles document.[33] Subsequent initiatives sought to advance privacy. For example, the American Civil Liberties Union and the Electronic Frontier Foundation were involved in a privacy committee in the IDESG.

References edit

  1. ^ a b "Administration Releases Strategy to Protect Online Consumers and Support Innovation and Fact Sheet on National Strategy for Trusted Identities in Cyberspace". Press release. Office of the White House. April 15, 2011. Retrieved November 9, 2013.
  2. ^ "National Strategy for Trusted Identities in Cyberspace" (PDF). April 14, 2011. Retrieved September 9, 2017.
  3. ^ a b c Howard A. Schmidt (June 25, 2010). "The National Strategy for Trusted Identities in Cyberspace". whitehouse.gov. Retrieved September 5, 2023 – via National Archives.
  4. ^ . Archived from the original on 2013-08-15. Retrieved 2013-08-16.
  5. ^ . Archived from the original on 2013-06-29. Retrieved 2013-08-16.
  6. ^ Boeckl, Kaitlin (29 April 2016). . nist.gov. Archived from the original on 2016-07-07.
  7. ^ a b "Putting the Fed in Federation: The U.S. Government as Early Adopter of the Identity Ecosystem - I Think, Therefore IAM".
  8. ^ Mat Honan (November 15, 2012). "Kill the Password - Why a String of Characters Can't Protect Us Anymore". Wired Gadget Lab. Retrieved November 9, 2013.
  9. ^ "National Program Office Planned for Online Trusted Identity Strategy". Press release. NIST. January 19, 2011. Retrieved November 10, 2013.
  10. ^ "Michael Daniel: Special Assistant to the President and Cybersecurity Coordinator". whitehouse.gov. Retrieved November 9, 2013 – via National Archives.
  11. ^ . Archived from the original on 2013-11-09. Retrieved 2013-08-16.
  12. ^ . Archived from the original on 2013-08-10. Retrieved 2013-08-16.
  13. ^ . Archived from the original on 2013-08-08. Retrieved 2013-08-16.
  14. ^ "NSTIC Welcomes Trusted Federal Systems as Secretariat of the Identity Ecosystem Steering Group". NSTIC blog. July 12, 2012. Retrieved November 9, 2013.
  15. ^ a b "Five Pilot Projects Receive Grants to Promote Online Security and Privacy". Press release. NIST. September 20, 2012. Retrieved November 10, 2013.
  16. ^ "NSTIC, ID.me, Inc". www.nist.gov. National Institute of Standards and Technology. Retrieved 21 February 2015.
  17. ^ "Trusted Identities Group". NIST.
  18. ^ . Archived from the original on 2013-08-19. Retrieved 2013-08-16.
  19. ^ "SecureKey Technologies Wins Contract with U.S. Postal Service to Implement Federal Cloud Credential Exchange - SecureKey".
  20. ^ Fontana, John. "Connect.Gov solidifies, expands ID credential plan for federal agencies - ZDNet". ZDNet.
  21. ^ "Connect.gov is latest attempt to get buy-in to online ID management". 22 December 2014.
  22. ^ Fontana, John (April 30, 2015). "Connect.Gov solidifies, expands ID credential plan for federal agencies". ZD Net. Retrieved May 6, 2015.
  23. ^ Miller, Jason (December 22, 2014). "Connect.gov is latest attempt to get buy-in to online ID management". Federal News Radio. Retrieved May 6, 2015.
  24. ^ "18F: Digital service delivery | Building a modern shared authentication platform". Retrieved 2017-07-02.
  25. ^ "Feds scrap Connect.Gov - SecureIDNews". SecureIDNews. Retrieved 2017-07-02.
  26. ^ "Login.Gov replacing Connect.Gov - SecureIDNews". SecureIDNews. Retrieved 2017-07-02.
  27. ^ "18F: Digital service delivery | Government launches login.gov to simplify access to public services". 18f.gsa.gov. Retrieved 2018-02-16.
  28. ^ "The Identity Ecosystem Steering Group".
  29. ^ "Identity Ecosystem Framework (IDEF) Registry".
  30. ^ Lance Whitney (June 28, 2010). "White House drafting plan for cyberspace safety". CNet news. Retrieved November 9, 2013.
  31. ^ Lillie Coney; et al. (September 23, 2010). "Statement on the National Strategy for Trusted Identities in Cybersecurity Creating Options for Enhanced Online Security and Privacy" (PDF). Privacy International and Electronic Privacy Information Center. Retrieved November 9, 2013.
  32. ^ Center. "EPIC - National Strategy for Trusted Identities in Cyberspace (NSTIC)". epic.org.
  33. ^ "Appendix A – Fair Information Practice Principles" (PDF). NSTIC. April 4, 2013.

External links edit

  • Official website

January 01, 1970
national, strategy, trusted, identities, cyberspace, nstic, government, initiative, announced, april, 2011, improve, privacy, security, convenience, sensitive, online, transactions, through, collaborative, efforts, with, private, sector, advocacy, groups, gove. The National Strategy for Trusted Identities in Cyberspace NSTIC is a US government initiative announced in April 2011 to improve the privacy security and convenience of sensitive online transactions through collaborative efforts with the private sector advocacy groups government agencies and other organizations 1 The strategy imagined an online environment where individuals and organizations can trust each other because they identify and authenticate their digital identities and the digital identities of organizations and devices 2 It was promoted to offer but not mandate stronger identification and authentication while protecting privacy by limiting the amount of information that individuals must disclose 3 Contents 1 Description 2 Steering group 3 Pilots 4 Federal Cloud Credential Exchange 4 1 Connect gov 4 2 Login gov 5 Identity Ecosystem Steering Group 6 Criticism 7 References 8 External linksDescription editThe strategy was developed with input from private sector lobbyists including organizations representing 18 business groups 70 nonprofit and federal advisory groups and comments and dialogue from the public The strategy had four guiding principles 4 privacy enhancing and voluntary secure and resilient interoperable cost effective and easy to use The NSTIC described a vision compared to an ecosystem where individuals businesses and other organizations enjoy greater trust and security as they conduct sensitive transactions online Technologies policies and agreed upon standards would securely support transactions ranging from anonymous to fully authenticated and from low to high value in such an imagined world Implementation included three initiatives The Identity Ecosystem Steering Group IDESG the private sector led organization developing the Identity Ecosystem Framework 5 Funding pilot projects that NSTIC said embrace and advance guiding principles 6 and The Federal Cloud Credential Exchange FCCX 7 the U S federal government service for government agencies to accept third party issued credentials approved under the FICAM scheme NSTIC was announced during the Presidency of Barack Obama near the end of his first term on April 15 2011 1 A magazine article said individuals might validate their identities securely for sensitive transactions such as banking or viewing health records and let them stay anonymous when they are not such as blogging or surfing the Web 8 In January 2011 the U S Department of Commerce had established a National Program Office NPO led by the National Institute of Standards and Technology to help implement NSTIC 9 To coordinate implementation activities of federal agencies the NPO works with the White House Cybersecurity Coordinator originally Howard Schmidt 3 and then after 2012 Michael Daniel 10 Steering group editThe NSTIC called a steering group led by the private sector to administer the development and adoption of its framework This Identity Ecosystem Steering Group IDESG held a meeting in Chicago August 15 16 2012 11 The meeting brought together 195 members in person and 315 members remotely Additional plenary meetings were in Phoenix Arizona 12 Santa Clara California 13 and Boston Massachusetts Under a grant from 2012 through 2014 Trusted Federal Systems Inc was the group s administrative body 14 Pilots editThe federal government initiated and supported pilot programs In 2012 NSTIC awarded 9 million to pilot projects in the first year For example the American Association of Motor Vehicle Administrators was developing a demonstration of commercial identity provider credentials by the Virginia state government including securely verifying identities online with the Virginia Department of Motor Vehicles 15 The Internet2 received about 1 8 million for research 15 ID me was given a two year grant in 2013 16 Further work funded by NIST is on their Trusted Identities Group Web Page 17 Federal Cloud Credential Exchange editThe NSTIC called for U S federal government agencies to be early adopters of the Identity Ecosystem envisioned in NSTIC 7 Agencies struggled to implement it for services they provide internally and externally Technical policy and cost barriers made it challenging to accept third party credential providers accredited by the Federal Identity Credential and Access Management FICAM initiative 18 In response the White House created a Federal Cloud Credential Exchange FCCX team co chaired by NSTIC and the General Services Administration The team consisted of representatives from agencies whose applications are accessed by a large population of external customers In November 2012 the United States Postal Service was chosen to manage a pilot version of the FCCX and awarded the contract to build it to SecureKey Technologies a member of FIDO Alliance That contract was renewed in May 2015 19 20 Connect gov edit Connect gov was launched in December 2014 the manifestation of this pilot The first two companies to provide individual US citizens Identity Management services compatible with Connect gov were ID me and Verizon 21 Ping Identity and Forgerock were the first software platforms to provide FICAM compliant credentials and enable private sector organizations to connect securely to government agencies a primary objective of this project 22 23 Login gov edit Main article Login gov On May 10 2016 18F announced in a blog entry that Connect gov would be replaced 24 25 The replacement system would be called Login gov 26 and launched in April 2017 27 Identity Ecosystem Steering Group editThe Identity Ecosystem Steering Group IDESG received start up funding from NIST in 2010 and has since created a series of documents that is available on their website 28 In 2016 they introduced the Identity Ecosystem Framework IDEF Registry 29 for self assessment Criticism editThe proposal generated criticism since it was released in draft form in June 2010 3 30 Much centered around privacy implications of the proposal Shortly after the draft s release the Electronic Privacy Information Center EPIC with other consumer rights and civil liberties organizations sent the committee a statement in response to the draft NSTIC policy requesting a clearer and more complete plan to create and safeguard Internet users rights and privacy 31 While EPIC head Marc Rotenberg called NSTIC historic he also cautioned that online identity is a complex problem and the risk of cyber identity theft with consolidated identity systems is very real The US will need to do more to protect online privacy 32 NSTIC addressed some early privacy concerns through its 2013 fair information practice principles document 33 Subsequent initiatives sought to advance privacy For example the American Civil Liberties Union and the Electronic Frontier Foundation were involved in a privacy committee in the IDESG References edit a b Administration Releases Strategy to Protect Online Consumers and Support Innovation and Fact Sheet on National Strategy for Trusted Identities in Cyberspace Press release Office of the White House April 15 2011 Retrieved November 9 2013 National Strategy for Trusted Identities in Cyberspace PDF April 14 2011 Retrieved September 9 2017 a b c Howard A Schmidt June 25 2010 The National Strategy for Trusted Identities in Cyberspace whitehouse gov Retrieved September 5 2023 via National Archives Adherence to the NSTIC Guiding Principles Identity Ecosystem Steering Group Archived from the original on 2013 08 15 Retrieved 2013 08 16 Identity Ecosystem Framework Identity Ecosystem Steering Group Archived from the original on 2013 06 29 Retrieved 2013 08 16 Boeckl Kaitlin 29 April 2016 Pilot projects amp partners nist gov Archived from the original on 2016 07 07 a b Putting the Fed in Federation The U S Government as Early Adopter of the Identity Ecosystem I Think Therefore IAM Mat Honan November 15 2012 Kill the Password Why a String of Characters Can t Protect Us Anymore Wired Gadget Lab Retrieved November 9 2013 National Program Office Planned for Online Trusted Identity Strategy Press release NIST January 19 2011 Retrieved November 10 2013 Michael Daniel Special Assistant to the President and Cybersecurity Coordinator whitehouse gov Retrieved November 9 2013 via National Archives Identity Ecosystem Steering Group Created to administer the development of policy standards and accreditation processes for the Identity Ecosystem Framework Archived from the original on 2013 11 09 Retrieved 2013 08 16 February 2013 Plenary Identity Ecosystem Steering Group Archived from the original on 2013 08 10 Retrieved 2013 08 16 May 2013 Plenary Identity Ecosystem Steering Group Archived from the original on 2013 08 08 Retrieved 2013 08 16 NSTIC Welcomes Trusted Federal Systems as Secretariat of the Identity Ecosystem Steering Group NSTIC blog July 12 2012 Retrieved November 9 2013 a b Five Pilot Projects Receive Grants to Promote Online Security and Privacy Press release NIST September 20 2012 Retrieved November 10 2013 NSTIC ID me Inc www nist gov National Institute of Standards and Technology Retrieved 21 February 2015 Trusted Identities Group NIST FICAM Roadmap and Implementation Guidance IDManagement gov Archived from the original on 2013 08 19 Retrieved 2013 08 16 SecureKey Technologies Wins Contract with U S Postal Service to Implement Federal Cloud Credential Exchange SecureKey Fontana John Connect Gov solidifies expands ID credential plan for federal agencies ZDNet ZDNet Connect gov is latest attempt to get buy in to online ID management 22 December 2014 Fontana John April 30 2015 Connect Gov solidifies expands ID credential plan for federal agencies ZD Net Retrieved May 6 2015 Miller Jason December 22 2014 Connect gov is latest attempt to get buy in to online ID management Federal News Radio Retrieved May 6 2015 18F Digital service delivery Building a modern shared authentication platform Retrieved 2017 07 02 Feds scrap Connect Gov SecureIDNews SecureIDNews Retrieved 2017 07 02 Login Gov replacing Connect Gov SecureIDNews SecureIDNews Retrieved 2017 07 02 18F Digital service delivery Government launches login gov to simplify access to public services 18f gsa gov Retrieved 2018 02 16 The Identity Ecosystem Steering Group Identity Ecosystem Framework IDEF Registry Lance Whitney June 28 2010 White House drafting plan for cyberspace safety CNet news Retrieved November 9 2013 Lillie Coney et al September 23 2010 Statement on the National Strategy for Trusted Identities in Cybersecurity Creating Options for Enhanced Online Security and Privacy PDF Privacy International and Electronic Privacy Information Center Retrieved November 9 2013 Center EPIC National Strategy for Trusted Identities in Cyberspace NSTIC epic org Appendix A Fair Information Practice Principles PDF NSTIC April 4 2013 External links editOfficial website Retrieved from https en wikipedia org w index php title National Strategy for Trusted Identities in Cyberspace amp oldid 1199103200, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.