Come Hang Out With Us to Talk Identity and Innovation in Health Care

Identity is critical to Health Information Technology (HIT), particularly when it comes to sharing health information online.  Patients and health providers aren’t going to share personal information if they can’t solve the “identity conundrum” – how to validate that information is going to the right person.

We’re excited to participate with the Office of the National Coordinator (ONC) for Health IT in an Innovation Engagement Hangout on Google that will dive into some of the new ways developers can address the identity conundrum, leveraging new approaches spurred in part by NSTIC.  The Hangout, on December 18th at 2:00 PM, will highlight what the NSTIC NPO is doing, in concert with the private sector, to try to develop a more mature identity toolkit that will make it easier for developers to support easy-to-use identity solutions that protect and enhance security and privacy.  We’ll also touch on President Obama’s recent Executive Order 13681, which requires agencies to ensure that all agencies making personal data accessible to citizens through digital applications require the use of multiple factors of authentication and an effective identity proofing process.

The Hangout will feature Jeremy Grant from the NSTIC NPO and Eve Maler, VP of Innovation & Emerging Technology at ForgeRock, as they discuss the recent White House EO and the NSTIC vision for a vibrant Identity Ecosystem—with a special focus on how health IT startups can get involved in these efforts.

Join the Hangout: https://plus.google.com/events/cbvrl2fum6hfceoqrqookc8ltl4

Follow us on Twitter: @NSTICNPO

Posted in Uncategorized | Tagged , , , , , , , , , | Leave a comment

Everybody Needs Identity.

Whether you are 19 or 91, protecting your identity is extremely important – particularly as identity breaches become more pervasive and affect more people worldwide. A recent study revealed the concerns about identity theft are high, with four out of five adults calling identity theft a concern, and about half calling it a “major” concern.*

Against this backdrop, the National Strategy for Trusted Identities in Cyberspace (NSTIC) is focused on empowering individuals to better protect their security and privacy online. Protecting and controlling our digital identities allows us to live in a safer virtual realm; if we can trust the transactions we make online, we can better realize the benefits of the digital world.

A major challenge with getting individuals to start using technologies that can better protect their identity is usability: if a solution makes things more complicated and offers little visible benefit, consumers simply won’t use it. Usability becomes even more challenging when you consider all of the different types of people who might use a solution. Differences in age, background, and abilities all may impact whether someone considers a technology to be “easy to use.”

For this reason, one focus of the NSTIC pilots has been to test how different types of consumers respond to different types of identity solutions. Collectively, the NSTIC pilots have touched students, parents, patients, seniors, veterans, online shoppers, and a variety of other demographics. One of our more exciting pilots has involved the AARP.

AARP is a nonprofit organization that helps families with life issues that are most important to them—such as retirement planning, healthcare, and employment security. As part of its mission, AARP has been exploring new ways to help its 37 million plus members aged 50 and above better protect their privacy and security with innovative methods; Jim Barnett, Senior Strategic Advisor for Digital Identity Management at AARP, explains “we want to equip our members to live their best lives.”

AARP has partnered with NSTIC pilot awardee Daon to pilot the use of Daon’s “TrustX” mobile biometric authentication solution to enable AARP members to enroll and access their personal health records in a way that is both secure and easy to use. TrustX is a cloud-based biometric solution, which allows for simple PIN, facial, or voice biometric authentication—allowing people to choose which mode works best for them.

“The pilot has been a great platform to discuss usability and secure interoperable credentials,” Barnett says. Since the AARP user base is comprised of members with varying levels of technological expertise, the need for a streamlined user experience is of key importance. “We have to make sure that anyone that comes to us online will understand this intuitively.” Interaction with every member in a natural and simple way is AARP’s ultimate goal—and the pilot program is the perfect forum for testing this goal.

The NSTIC pilot has also been instrumental in AARP’s ability to begin to understand the type of trusted identity solutions their members need. The need for an interoperable solution that every user can understand and trust—which will ultimately contribute to a better, safer, online environment for members—is the key to success. Having a range of options for solutions is also important since consumers should be able to pick a solution that fits in best with their lifestyle.

He continues to look to the NSTIC Guiding Principles for direction moving forward; Barnett emphasizes that they often turn to the Guiding Principles as a baseline for what an ideal identity solution needs to be when evaluating potential solutions. The progress already made as a result of the pilot program will be instrumental in creating additional conveniences and protections for AARP’s millions of members. Also, AARPs overall understanding of the solution needs of their member base has increased, and will continue to increase as we work together to make progress in the future.

*Centrify survey

Posted in Uncategorized | Leave a comment

It’s Not Just About Security; Identity is the Great Enabler

Last week, President Obama signed a new Executive Order calling for “all agencies making personal data accessible to citizens through digital applications” to “require the use of multiple factors of authentication and an effective identity proofing process.”  The President set a deadline of 18 months for agencies to comply.

Since the release of this Executive Order, the press has focused quite a bit on how it will improve the security of government sites, and help better protect the security and privacy of citizens’ data. It’s an important point – especially because the vast majority of data breaches are executed by exploiting the weaknesses of passwords. However, the benefits of improving identity go well beyond security. What is most exciting about this new Executive Order is how it will enable government to more effectively serve the American people through a wide array of new citizen-facing digital government applications.

Since the advent of the Internet in the 1990s, the vast majority of government websites have focused on low-value or passive applications – sharing general information about government activities and answering common questions about programs. But higher-value applications that enable citizens to have a truly personalized experience (e.g. transacting business with government or obtaining personal data) have largely been mired in the offline world.

The reason has been simple: higher value applications come with higher risk, so agencies will only offer a service online if there’s an easy way to ascertain whether the “person” on the other end of a transaction is really who he or she claims to be. Twenty-one years after the New Yorker proclaimed, “On the Internet, nobody knows you’re a dog,” we’re still dealing with certain services being stuck in the paper world because agencies can’t reliably authenticate identities online.

There’s nothing wrong with being a “dog” on the Internet, per se – the ability to be anonymous or pseudonymous online has been a hallmark of the Internet, and must continue to be. Conversely, there are times when the ability to assert your true identity online is essential to enabling high-value services – and ensuring that someone else cannot impersonate you.

Three and a half years ago, President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC). Targeted at the growing array of cybersecurity problems caused by passwords and other weak identity solutions, NSTIC called for the private sector to partner with government on the creation of an Identity Ecosystem – essentially a marketplace of stronger identity solutions that Americans could use in lieu of passwords to not only better protect their privacy and security online, but also to engage in new types of trusted transactions.

Identity is the great enabler here – if we have easy-to-use identity solutions that enable secure and privacy-enhancing transactions, we can enable citizens to engage with government in more meaningful ways. With a vibrant Identity Ecosystem – where citizens can use the same credential to access services at multiple sites – we can enable a wide array of new citizen-facing digital services while reducing costs and hassles for individuals and government agencies alike.

In the three and a half years since the NSTIC was first signed, the market has responded. Many private firms have started offering multi-factor authentication (MFA) to their customers, ensuring that the most commonly executed, password-centric attacks are no longer viable. And, through more than a dozen NSTIC pilots, the private sector has demonstrated material progress in advancing more secure, privacy-enhancing, easy-to-use identity solutions. It’s time for the government to make sure our own services are embracing the best the market now has to offer.

Last week’s Executive Order calls on three parts of the White House – the Office of Management and Budget, the Office of Science and Technology Policy, and the National Security Council – to craft a plan over the next 90 days detailing how agencies will comply with the Order. We at the NSTIC National Program Office (NPO) look forward to supporting the White House however we can as they move forward.

Posted in Uncategorized | 2 Comments

Investor-focused NSTIC Pilot Demonstrates Identity Management is no Longer Just a Cost Center

Websites often struggle with the trade-offs between increased security and user convenience. Many of the NSTIC pilots are confronting this challenge head-on, piloting solutions that demonstrate enhanced security and privacy is not at odds with convenience.

ID/Dataweb, through its NSTIC Pilot with Broadridge Financial Solutions, is enabling just this type of solution. A subsidiary of Criterion Systems, ID/Dataweb is allowing customers the convenience of “bring your own identity” without sacrificing security and privacy.

Broadridge is a leading provider of investor communications – if you own a stock or mutual fund, odds are that the mail your brokerage sends you is sent through a service run by Broadridge. Given all the Americans who have brokerage accounts, that’s a lot of paper, and it costs a lot of money – about $3 billion each year. Digital delivery could save dollars and trees; however, because brokerage services are regulated, digital delivery is difficult without a robust identity solution that can bind email addresses to real identities.

ID/Dataweb, as part of its NSTIC pilot, has successfully deployed an Attribute Exchange Network (AXN) that brings together multiple identity providers such as Google, Verizon, Symantec, AOL, Facebook, LinkedIn, Amazon, and attribute providers including LexisNexis, Experian, Equifax, and PacificEast. The AXN platform enables a user-centric experience, allowing users to choose from multiple identity providers while permitting them to manage their attributes both during the authentication flow and via a user managed console.

Using ID Dataweb’s (IDW) AXN, Broadridge customers are now able to access digital content delivered via their Kindle or other mobile device, without having to create a new account or get a new credential. Furthermore, this provides Broadridge with the ability to verify the identity of the customer before granting access to sensitive documents, such as investment account financial statements and phone bills. Going forward, the pilot operations are transitioning to Inlet, a new joint venture launched by Broadridge and Pitney Bowes to accelerate the delivery of digital content in financial services. The ID/Dataweb solution provides the crucial identity layer necessary to enable these services to be delivered online.

ID/Dataweb is not working only with Broadridge in the financial sector, but across several sectors. One example is a partnership with DHS, enabling first responder access to an online incident response platform (the Next-Generation Incident Command System). In another area, ID/Dataweb is piloting the AXN with a Fortune 100 company to test enterprise, partner, and consumer access using third party credentials and verified attributes to support real time access decisions.

By shifting digital efforts to consumer-focused approaches, ID/Dataweb is demonstrating how NSTIC-aligned identity systems are creating value for consumers and companies alike.

Posted in Uncategorized | Tagged , | Leave a comment

REMINDER: 10th IDESG Plenary Meeting in Tampa, September 17-19

The 10th meeting of the Identity Ecosystem Steering Group (IDESG) is quickly approaching. This no-cost event will take place September 17-19 in Tampa, Florida; you can attend in-person or virtually!

The IDESG is coming off of a momentous summer, with the organization making a number of significant advancements toward enabling all Americans to more easily start using secure, convenient, privacy-enhancing credentials in lieu of passwords everywhere they go online.  This summer saw the IDESG:

  • Launch a formal Framework Development Plan – laying out steps that the organization will take to create an Identity Ecosystem Framework over a handful of iterations.
  • Launch a new strategic planning effort, focused on growing and maturing the organization.
  • Receive a $1.6 million cooperative agreement from NIST, enabling IDESG to fund technical resources and subject matter experts that will help the organization’s committees accelerate the pace of deliverables.

With a renewed focus on accelerating the Framework, this plenary meeting will be heavily focused on socializing the proposed Framework Development Plan and deciding on a plan of action across the organization’s committee structure to achieve it.

The IDESG board will present a plan on Wednesday detailing how to bring Framework components together in a phased implementation over the next 18 months. The Board presentation will be followed by a full group discussion and opportunity to provide feedback and influence the development process.

Additional agenda highlights:

New NSTIC Pilots to be Announced

The NSTIC National Program Office expects to announce the winners of the latest NSTIC pilots competition.

Pilot Presentations

NSTIC’s 11 pilots are seeding the marketplace with solutions for privacy-enhancing, secure, interoperable, and convenient online identity. Six of these pilots will present updates on their pilots at the plenary:

  • Daon
  • ID/Dataweb
  • American Association of Motor Vehicle Administrators
  • Internet2
  • Michigan Department of Human Services
  • Commonwealth of Pennsylvania

Functional Model

The Security Committee led development of a Functional Model to provide consistency upon which to center descriptions of identity solutions. It is a representation of online identity interactions and the various components needed to execute those interactions. In Tampa, the plenary will consider this model for formal approval.

Strategic Plan

The IDESG Board has been busy drafting the organization’s first formal strategic plan, which is due to be finalized by September 20th. The plan will be shared with participants in Tampa, and attendees will have a chance to provide feedback to shape the direction of the document and the IDESG itself.

Note that this IDESG event is collocated with the Global Identity Summit (GIS) at the Tampa Convention Center.  While the IDESG kicks off on Wednesday, the GIS begins Tuesday – and the Summit organizers have graciously offered to waive the registration fee (normally $595 or more) for IDESG attendees on Tuesday the 16th.  The NSTIC National Program Office will have two sessions on Tuesday:

  • At 10:40 am, NSTIC Deputy Michael Garcia will discuss “The Economics of Online Identity” and NIST’s Senior Standards and Technology Advisor Paul Grassi will discuss “New Directions in Identity”.
  • At 3:50 pm, NSTIC Identity Strategist Phil Lam will lead a session on “NSTIC Pilots in the Wild”.

In addition, NSTIC NPO head Jeremy Grant will deliver a keynote address to the Global Identity Summit at 8:30 am on Wednesday, September 17 – immediately before the 10 am kickoff of the IDESG.

We hope to see you in Tampa next week. View the IDESG plenary agenda and register to attend here!

 

Posted in Uncategorized | 1 Comment

Competing on Privacy in the Tower of Babel

In recent months, there’s been much talk about the idea of companies competing on privacy. In theory, this sounds great. Consumers can make choices based on their privacy preferences, and the marketplace will respond. In practice, there are some significant challenges. The NSTIC pilots are learning about these challenges first hand.

The NSTIC calls for the Identity Ecosystem to be privacy-enhancing and voluntary and provides some high-level considerations around these concepts. The pilots are expected to develop identity solutions that adhere to these concepts. But how do they move from high-level considerations to actual implementation? Moreover, how do they achieve an implementation that demonstrates effective privacy protections in consistent and repeatable ways?

In cybersecurity, for example, there are tools such as risk models, control catalogs and technical standards that provide consistent and repeatable results. If an NSTIC pilot wants to securely transmit an attribute, its engineers don’t sit down at their computers and start coding from scratch. There are existing protocols they can select that have been widely evaluated and that demonstrate effective attribute transmission. But what if a pilot wants to collect user consent for the transmission of that attribute? What standard exists for user consent?

The privacy field lags behind other fields such as cybersecurity and safety risk management in providing the types of models and tools that support measurable and consistent outcomes. It is much more difficult for consumers to make informed choices if organizations are marketing their privacy practices with different or, even worse, no measures of effectiveness.

To address this gap, NIST has launched a new privacy engineering effort that focuses on providing design guidance to information system users, owners, developers and designers that handle personal information. Such guidance can be used to decrease risks related to privacy harms and to make purposeful decisions about resource allocation and effective implementation of controls. In April, NIST held the first of a series of workshops. Based on this first workshop, NIST has proposed a set of privacy engineering objectives and a risk model to mitigate privacy harms to individuals. NIST is co-sponsoring a second workshop with the International Association of Privacy Professionals (IAPP) to discuss these proposals and inform the development of a NIST report on privacy engineering. This free workshop will be held in San Jose, California, on September 15-16, 2014.

In the story of the Tower of Babel, God was concerned that a people who spoke one language could take over the world. He prevented this by causing people to speak many languages. I’m no theologian, so I won’t theorize on the merits of God’s actions, but the story does illustrate the power of unity. In privacy, we need to begin speaking with a consistent terminology and using models and tools that provide us with the capability to better measure the effectiveness of privacy design in information systems.

There are many good privacy efforts underway today – but the way to make them   BETTER and enable true competition is for experts in various disciplines to collaborate on identifying and adapting measurement capabilities that have worked in other areas. We encourage system designers, engineers and privacy subject matter experts to participate in the next NIST privacy engineering workshop or provide feedback to NIST at privacyeng@nist.gov. Together, we can develop the foundational components that will enable the Identity Ecosystem Steering Group to achieve the full vision of the NSTIC Identity Ecosystem; one that is secure and privacy-enhancing.

Posted in Uncategorized | 1 Comment

Shout it Out Loud: Enhancing Privacy Can Increase Profits!

Among the questions we’re asked most frequently about NSTIC is: why are trusted identities good for business? The NSTIC pilots have collectively started to answer that question, highlighting how better privacy, security and convenience are enabling new online business models, and driving higher sales and profits.

One of the better examples of this has been the work done by NSTIC pilot awardee ID.me. In 2013, ID.me received a $2.8M cooperative agreement from NIST to pilot its trusted identity solution, which enables members of the military community and their families, First Responders, and students to access exclusive benefits and services online both securely and efficiently without having to share sensitive information with the brands directly. While this easy-to-use and interoperable solution aligns with the NSTIC guidelines, it also benefits partner companies’ bottom line.

Among ID.me’s many successful collaborations is with KISS. When KISS wanted to offer discounted concert tickets to the military community, the band faced a challenge: how could they verify that the people trying to access the tickets actually were service members or Veterans? ID.me’s solution enabled KISS to easily validate this single attribute, without requiring the band’s fans to share additional information about themselves. This partnership was just what the doctor (of love) ordered; KISS went on to sell more than 5,400 tickets to ID.me verified service members and Veterans as of July 14th.

While identity management is traditionally only seen as a risk mitigation capability, ID.me is helping partners like KISS leverage it to grow sales while simultaneously reducing fraud. ID.me, acting as a trusted intermediary, reduces the amount of information a company needs to collect in order to verify an attribute about its customers.

Previously, service members and Veterans had to bring physical military ID cards or hard copies of their military discharge documentation to claim benefits in-person. This process was inconvenient and vulnerable as the transported paperwork contained all sorts of personal information beyond what was needed for the transaction. Veterans’ discharge papers (DD-214), for example, reveal: blood type, home address before and after active service, social security number, date and place of birth, details of active service, and reasons for separation from the military – not exactly the type of information Veterans should have to carry with them, let alone share with companies to get a discount.

ID.me has transformed this experience, allowing service members and Veterans to access benefits by verifying a single attribute: that they have served our country. This has an incredible impact on user privacy, allowing consumers to leave their discharge papers – and related PII – securely at home.

KISS’s story isn’t the only example of an identity management effort that produced tangible positive results. Under Armour saw a 30% growth in affiliate revenue after partnering with ID.me to extend its long-standing in-store military 10% discount online. According to the case study, 70% of those who used ID.me credentials at checkout since November 2012 were first time customers to Under Armour.

These examples demonstrate how investing in new NSTIC-aligned identity solutions may not only increase security and privacy – they can also positively impact a company’s bottom line. As these platforms enhance privacy and reduce the risk of fraud for consumers, they also create more user-friendly online processes that attract customers eager for simpler ways to complete a transaction. They make targeted discounts and services easier for companies to disseminate. They make the need for a plethora of unique passwords a problem of the past. And by giving the user transparency around the information needed to access a given benefit, they increase trust online.

The FICAM Trust Framework Solutions (TFS) Program approved ID.me as a Credential Service Provider at OMB Levels of Assurance (LoA) 1, 2 and 3, following an assessment from Kantara. This means that the same credentials can not only be used to buy concert tickets and access discounts, but can now also be used by Veterans to log in to government services. This is a textbook example of the NSTIC vision: enabling consumers to use the same secure, privacy-enhancing credential to log in to both commercial and public sector sites.

As identity platforms evolve, it is important to recognize the wealth of benefits online service providers and consumers reap. When a company chooses to work with one of these platforms, it is not only about risk mitigation, but also a business growth opportunity. And, it demonstrates that privacy and security are not just good for consumers, but also good for business. New customers, increased profits, and reduced fraud are within reach.

When President Obama visited DC startup incubator 1776, he spent time with the founders of ID.me to discuss its work and partnership with NSTIC. (July 3, 2014)

When President Obama visited DC startup incubator 1776, he spent time with the founders of ID.me to discuss its work and partnership with NSTIC. (July 3, 2014)

Posted in Uncategorized | 2 Comments

Passwords, Dr. Evil and a Solution in Tampa

1.2 billion.

It’s a number that inspires people to conjure up their best Dr. Evil impression, although it’s no laughing matter.  1.2 billion compromised passwords is a remarkably stunning and shocking number.

It’s also one that has inspired a wave of articles asking “what can we do about this?” Telling people to reset all their passwords isn’t a real answer – we just got through telling them to do the same thing in April after the Heartbleed bug was discovered, and most Americans don’t have the stomach or the time to keep doing this every few months.

In the short term, there aren’t any silver bullets: nobody likes the security or usability of passwords, but we’ve had them for a long time because the market has struggled to develop compelling alternatives. These struggles were a major driver behind the issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC).  Some good technologies exist, but higher costs and burdens associated with these technologies mean they are not feasible unless we can use them across multiple sites.

As identity virtuoso Tim Bray noted in an article in Time this past week:

“The problem, and it’s a big one, is that you can’t really carry a different doohickey around for each of your passwords. The solution to that is obvious: just have one that works for lots of different apps. That will require some cooperation and infrastructure. There are smart people working on this idea, but we’re not there yet.”

A great thing about my job at NIST is: I get to lead a team of some of the smart people working on this.

An even better thing about the job: we’ve been joined by more than 200 companies and organizations in the Identity Ecosystem Steering Group (IDESG) – a private organization established to help support the implementation of NSTIC by tackling the creation of an Identity Ecosystem Framework – essentially the “cooperation and infrastructure” that Bray talks about.

IDESG has done awesome work over these last two years, and is making progress each week on version 1.0 of this Identity Ecosystem Framework, with a release target set for early next year. The Framework will provide a set of standards and operating rules that organizations can use to reduce their vulnerability to hackers – enabling their customers to use a set of more secure, privacy-enhancing, easy-to-use, interoperable solutions in lieu of passwords.

While we need more work done in the IDESG, we also need more of you. Many hands make light work and many minds make great work.  The more participants we can attract to the effort, the faster we can make progress.  IDESG is set to meet later next month in Tampa, September 17-19, alongside the Global Identity Summit.  Registration is free.  We look forward to you joining us there. While face-to-face working sessions are more productive, if you simply can’t get to Tampa that week, we always offer options for online participation. Check out www.idecosystem.org for more info.

Posted in Uncategorized | 3 Comments

Creating More Options to Improve Privacy and Security Online

It’s well established that diversity of thought and backgrounds strengthens organizations of all kinds and that diversity is a key component of a strong economy. At the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office (NPO), we believe diversity is also the key to establishing a vibrant marketplace of options to replace outdated passwords with reliably secure, privacy-enhancing and convenient ways to prove who you are online.

The Identity Ecosystem Steering Group (IDESG) was launched under the auspices of the NPO but is a privately led group laying the groundwork for that marketplace through policy and standards development. The group held its ninth plenary meeting this week at the National Institute of Standards and Technology in Gaithersburg, Md. The meeting brought together a broad coalition of individuals and representatives from industry, privacy and civil liberties advocacy groups, consumer advocates, government agencies, and more, focused on giving people choices when they conduct secure transactions online.

Instead of giving up lots of personal information every time you go online, you could choose who gets what information about you by allowing a trusted third-party to verify your online identity and then assert specific attributes on your behalf—only as needed for a transaction.

At the IDESG meeting, we heard from pilot participant ID.me, which is collaborating with vendors such as Under Armour to provide discounts to military families and first responders. ID.me is in the process of receiving higher level certification for its solution so that users can access government services and medical records.

Pilot recipient PRIVO and its partners are helping online sites that cater to children obtain verifiable parental consent—giving parents new ways to protect their kids online. The Georgia Tech Research Institute and TSCP are each working on frameworks and tools that provide supporting infrastructure to enable increased interoperability—allowing different systems to work together. Even among companies not involved in the IDESG and NSTIC, we are seeing improved identity and authentication options in the marketplace.

The steering group and pilots are providing safe environments for competitors and organizations with diverse policy goals to work together to innovate and solve some of the underlying challenges to online authentication. Together, they are working on identity solutions that follow the NSTIC principles of being privacy-enhancing and voluntary, secure and resilient, interoperable, and cost-effective and easy to use.

We understand that not everyone will be comfortable with the same identity providers. Some might prefer to trust their information to a well-established company or government agency; others may prefer a non-profit or advocacy group, or a combination of these organizations. Through the IDESG and a series of pilot grants, NSTIC is fostering a diverse marketplace that will give users options.

This week we were fortunate to have representatives from AARP, the American Civil Liberties Union, the NAACP and the National Federation of the Blind to highlight the diversity of the online community. We encourage organizations such as these to join IDESG – and to explore partnerships to create identity solutions that look out for the interests of their communities in this new marketplace.

The more organizations that engage with the IDESG, the better the organization can lay the foundation for a full spectrum of trusted online ID providers. Online, as in life, we’ll find strength through diversity.

Posted in Uncategorized | Leave a comment

Join Senior Administration Officials at Upcoming IDESG Plenary, June 17-19, Washington, D.C

Implementation of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is in full stride. Our three complementary initiatives – partnering with the private-sector led Identity Ecosystem Steering Group (IDESG), launching the Federal Cloud Credential Exchange (FCCX), and catalyzing the marketplace through NSTIC pilots– are hitting major milestones in 2014, contributing significantly to the emerging Identity Ecosystem envisioned in the strategy. We hope you will join us outside our nation’s capital at the NIST campus in Gaithersburg, Maryland June 17-19 to learn more, network with those engaged in NSTIC initiatives, and join in the important ongoing work of the IDESG. Virtual participation will also be available. Agenda highlights include:

White House Update. Michael Daniel, White House Cybersecurity Coordinator and Special Assistant to the President, will provide perspectives on the NSTIC as a key Administration identity and privacy initiative, including the importance of NSTIC to the Administration’s efforts to improve cybersecurity.

Department of Commerce Update.  Bruce Andrews, the nominee for Deputy Secretary of Commerce (and currently its Chief of Staff) will discuss how NSTIC fits in with broader Commerce Department and Obama Administration initiatives around privacy, innovation, and economic growth.

Trusted Identities for Electronic Health Records.  A senior representative of the Office of the National Coordinator for Health Information Technology (ONC) will kick off a session focusing on joint ONC-NSTIC activities in leveraging trusted identities to secure the exchange of health information online.  Panelists will discuss how the IDESG Health Working Group and HIMSS Identity Task Force will collaborate to inform ONC work.

NSTIC Pilot Update.   2013 pilot awardees ID.me, TSCP, GTRI, and Privo are currently deploying their innovative solutions in the marketplace, going into production in multiple industry segments including financial services and retail.  Join this session to see how these innovative solutions are meeting the increasing need for more secure, privacy-enhancing identity solutions online.

IDESG plenary and committee meetings. The IDESG – now newly incorporated as an independent, 501(c)(3) not-for-profit corporation – will focus discussion on building an Identity Ecosystem Framework of standards, policies and business rules to support the implementation of the NSTIC.  IDESG is driving toward this with support and resources from a broad and diverse array of stakeholders in the public and private sectors. The current focus is on building requirements and processes needed to establish trust mark and certification programs by the end of 2014.  We hope you will join us for an exciting three days for the NSTIC and the IDESG. For more information and to register, visit http://www.idecosystem.org/9thPlenary

Posted in Uncategorized | Leave a comment