HOME

TheInfoList



Click Here for Items Related To - National Strategy For Trusted Identities In Cyberspace
OR:
National Strategy For Trusted Identities In Cyberspace on:   [Wikipedia]   [Google]   [Amazon]

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a
US government The Federal Government of the United States of America (U.S. federal government or U.S. government) is the national government of the United States. The U.S. federal government is composed of three distinct branches: legislative, execut ...
initiative announced in April 2011 to improve the privacy, security and convenience of sensitive online transactions through collaborative efforts with the private sector, advocacy groups, government agencies, and other organizations. The strategy imagined an online environment where individuals and organizations can trust each other because they identify and authenticate their digital identities and the digital identities of organizations and devices. It was promoted to offer, but not mandate, stronger identification and authentication while protecting privacy by limiting the amount of information that individuals must disclose.


Description

The strategy was developed with input from private sector
lobbyist Lobbying is a form of advocacy, which lawfully attempts to directly influence legislators or government officials, such as regulatory agencies or judiciary. Lobbying involves direct, face-to-face contact and is carried out by various entities, in ...
s, including organizations representing 18 business groups, 70 nonprofit and federal advisory groups, and comments and dialogue from the public. The strategy had four guiding principles: # privacy-enhancing and voluntary # secure and resilient # interoperable # cost-effective and easy to use. The NSTIC described a vision compared to an
ecosystem An ecosystem (or ecological system) is a system formed by Organism, organisms in interaction with their Biophysical environment, environment. The Biotic material, biotic and abiotic components are linked together through nutrient cycles and en ...
where individuals, businesses, and other organizations enjoy greater trust and security as they conduct sensitive transactions online. Technologies, policies, and agreed upon standards would securely support transactions ranging from anonymous to fully authenticated and from low to high value in such an imagined world. Implementation included three initiatives: * The Identity Ecosystem Steering Group (IDESG), the private sector-led organization developing the Identity Ecosystem Framework; * Funding pilot projects that NSTIC said embrace and advance guiding principles; and * The Federal Cloud Credential Exchange (FCCX), the U.S. federal government service for government agencies to accept third-party issued credentials approved under the FICAM scheme. NSTIC was announced during the
Presidency of Barack Obama Barack Obama's tenure as the 44th president of the United States began with his first inauguration on January 20, 2009, and ended on January 20, 2017. Obama, a Democrat from Illinois, took office following his victory over Republican nomine ...
near the end of his first term on April 15, 2011. A magazine article said individuals might validate their identities securely for sensitive transactions (such as banking or viewing health records) and let them stay anonymous when they are not (such as blogging or surfing the Web). In January 2011, the
U.S. Department of Commerce The United States Department of Commerce (DOC) is an executive department of the U.S. federal government. It is responsible for gathering data for business and governmental decision making, establishing industrial standards, catalyzing econo ...
had established a
National Program Office The National Program Office (NPO) was an office of the United States Government, established to ensure continuity of government in the event of a national disaster. The NPO was established by a secret executive order (National Security Decision ...
(NPO), led by the
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...
, to help implement NSTIC. To coordinate implementation activities of federal agencies, the NPO works with the
White House The White House is the official residence and workplace of the president of the United States. Located at 1600 Pennsylvania Avenue Northwest (Washington, D.C.), NW in Washington, D.C., it has served as the residence of every U.S. president ...
Cybersecurity Coordinator, originally
Howard Schmidt Howard Anthony Schmidt (October 5, 1949 – March 2, 2017) was a partner with Tom Ridge in Ridge Schmidt Cyber LLC, a consultancy company in the field of cybersecurity. He was the Cyber-Security Coordinator of the Obama Administration, operating in ...
, and then after 2012 Michael Daniel.


Steering group

The NSTIC called a steering group led by the private sector to administer the development and adoption of its framework. This Identity Ecosystem Steering Group (IDESG) held a meeting in
Chicago Chicago is the List of municipalities in Illinois, most populous city in the U.S. state of Illinois and in the Midwestern United States. With a population of 2,746,388, as of the 2020 United States census, 2020 census, it is the List of Unite ...
August 15–16, 2012. The meeting brought together 195 members in person and 315 members remotely. Additional plenary meetings were in
Phoenix, Arizona Phoenix ( ) is the List of capitals in the United States, capital and List of cities and towns in Arizona#List of cities and towns, most populous city of the U.S. state of Arizona. With over 1.6 million residents at the 2020 census, it is the ...
,
Santa Clara, California Santa Clara ( ; Spanish language, Spanish for "Clare of Assisi, Saint Clare") is a city in Santa Clara County, California. The city's population was 127,647 at the 2020 United States census, 2020 census, making it the List of cities and towns i ...
and
Boston, Massachusetts Boston is the capital and most populous city in the Commonwealth (U.S. state), Commonwealth of Massachusetts in the United States. The city serves as the cultural and Financial centre, financial center of New England, a region of the Northeas ...
. Under a grant from 2012 through 2014, Trusted Federal Systems, Inc. was the group's administrative body.


Pilots

The federal government initiated and supported pilot programs. In 2012, NSTIC awarded $9 million to pilot projects in the first year. For example, the
American Association of Motor Vehicle Administrators The American Association of Motor Vehicle Administrators (AAMVA) is a 501(c)(3) nonprofit trade association based in Arlington, Virginia that operates in the United States and Canada on behalf of motor vehicle licensing and registration agencies. ...
was developing a demonstration of commercial identity provider credentials by the
Virginia Virginia, officially the Commonwealth of Virginia, is a U.S. state, state in the Southeastern United States, Southeastern and Mid-Atlantic (United States), Mid-Atlantic regions of the United States between the East Coast of the United States ...
state government, including securely verifying identities online with the Virginia Department of Motor Vehicles. The
Internet2 Internet2 is a not-for-profit United States computer network A computer network is a collection of communicating computers and other devices, such as printers and smart phones. In order to communicate, the computers and devices must ...
received about $1.8 million for research.
ID.me ID.me, Inc. is an American online identity network company that allows people to provide proof of their legal identity online. ID.me digital credentials can be used to access government services, healthcare portals, or discounts from retailers. ...
was given a two-year grant in 2013. Further work funded by NIST is on their Trusted Identities Group Web Page.


Federal Cloud Credential Exchange

The NSTIC called for U.S. federal government agencies to be early adopters of the Identity Ecosystem envisioned in NSTIC. Agencies struggled to implement it for services they provide internally and externally. Technical, policy and cost barriers made it challenging to accept third-party credential providers accredited by the Federal Identity, Credential, and Access Management (FICAM) initiative. In response, the White House created a Federal Cloud Credential Exchange (FCCX) team, co-chaired by NSTIC and the
General Services Administration The General Services Administration (GSA) is an Independent agencies of the United States government, independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies. G ...
. The team consisted of representatives from agencies whose applications are accessed by a large population of external customers. In November 2012, the
United States Postal Service The United States Postal Service (USPS), also known as the Post Office, U.S. Mail, or simply the Postal Service, is an independent agencies of the United States government, independent agency of the executive branch of the federal governmen ...
was chosen to manage a pilot version of the FCCX, and awarded the contract to build it to SecureKey Technologies, a member of
FIDO Alliance The FIDO ("Fast IDentity Online") Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords". FIDO addres ...
. That contract was renewed in May 2015.


Connect.gov

Connect.gov was launched in December 2014, the manifestation of this pilot. The first two companies to provide individual US citizens Identity Management services compatible with Connect.gov, were ID.me and Verizon. Ping Identity and Forgerock were the first software platforms to provide FICAM-compliant credentials, and enable private sector organizations to connect securely to government agencies, a primary objective of this project.


Login.gov

On May 10, 2016, 18F announced in a blog entry that Connect.gov would be replaced. The replacement system would be called Login.gov, and launched in April 2017.


Identity Ecosystem Steering Group

The Identity Ecosystem Steering Group (IDESG) received start up funding from NIST in 2010 and has since created a series of documents that is available on their website. In 2016, they introduced the Identity Ecosystem Framework (IDEF) Registry for self-assessment.


Criticism

The proposal generated criticism since it was released in draft form in June 2010. Much centered around privacy implications of the proposal. Shortly after the draft's release, the
Electronic Privacy Information Center The Electronic Privacy Information Center (EPIC) is an independent nonprofit research center established in 1994 to protect privacy, freedom of expression, and democratic values in the information age. Based in Washington, D.C., their mission i ...
(EPIC), with other consumer-rights and civil liberties organizations, sent the committee a statement in response to the draft NSTIC policy, requesting a clearer and more complete plan to create and safeguard Internet users' rights and privacy. While EPIC head, Marc Rotenberg, called NSTIC "historic," he also cautioned that "...online identity is a complex problem and the risk of 'cyber-
identity theft Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. ...
' with consolidated identity systems is very real. The US will need to do more to protect online privacy." NSTIC addressed some early privacy concerns through its 2013 fair information practice principles document. Subsequent initiatives sought to advance privacy. For example, the
American Civil Liberties Union The American Civil Liberties Union (ACLU) is an American nonprofit civil rights organization founded in 1920. ACLU affiliates are active in all 50 states, Washington, D.C., and Puerto Rico. The budget of the ACLU in 2024 was $383 million. T ...
and the
Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an American international non-profit digital rights group based in San Francisco, California. It was founded in 1990 to promote Internet civil liberties. It provides funds for legal defense in court, ...
were involved in a privacy committee in the IDESG.


References


External links

* {{DEFAULTSORT:National Strategy For Trusted Identities In Cyberspace Identity management initiative Computer network security