A major NSTIC milestone: IDEFv1 set for October 20th public release

When the Identity Ecosystem Steering Group (IDESG) plenary convened last week in Tampa, Florida, attendees meant business. By Friday afternoon, committees had finalized the baseline requirements and supplemental guidance for v1 of the Identity Ecosystem Framework (IDEF). Now the plenary stands in recess with the IDESG on track for a major milestone: completion of the IDEFv1, set for public release on October 20th!

The IDEF, chartered for establishment and governance by the IDESG, will stand as the policy foundation for the Identity Ecosystem (IE). After much effort by the IDESG working committees – including collaboration with the NSTIC pilots to level-set with commercial entities– the IDESG has produced a set of baseline requirements that will enable self-attesting entities to assess and report on their alignment with the NSTIC Guiding Principles. This represents a major step forward in influencing the marketplace toward the NSTIC vision. The IDEFv1 will be released for a final reading period on October 7th, and the plenary will reconvene virtually on October 15th at 2:00 PM ET to approve the package. During the Plenary meeting, Plenary Chair Kim Sutherland recognized the substantial effort and commitment of the IDESG committees – and in particular the individual committee chairs – for all of their work to produce the IDEFv1 as the IDESG’s major collaborative work product and contribution to the IE.

Beyond the committee work of finalizing the requirements, plenary attendees:

  • Advanced the Self-Assessment Listing Service (SALS) as led by the Trust Framework and Trustmark (TFTM) Committee. Set to begin operations by the end of the year, the SALS will enable IE participants to assess and assert conformance with the IDEF requirements, publicly announcing their commitment—and operational adherence—to the Baseline Requirements for privacy, interoperability, security, and usability.
  • Received updates on the NSTIC pilot progress from recipients and their partners. Pilot recipients brought along relying parties that gave the bigger picture on the role of these projects in the market. Plenary attendees heard from GSMA, joined by representatives from Payfone and Verizon; GTRI, joined by a representative from the State of Alabama; MorphoTrust USA; and the University Corporation for Advanced Internet Development (UCAID or Internet2).
  • Had an intro to our three new additions to the NSTIC pilots family, a preview of the NSTIC NPO’s future activities, and were the first to hear about the NPO’s upcoming workshop.

Simply put, part one of the currently-recessed plenary went off as planned. It was productive and all could feel the energy of IDEFv1 nearing release. Now, the IDESG looks to push the IDEFv1 across the finish line at the October 15th virtual plenary. Stay tuned for more exciting IDEF updates in the coming weeks—the Identity Ecosystem has never felt so close!

…as always, remember to follow us on Twitter!

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Save the Date: NSTIC identity proofing, authentication, and attributes workshop – January 2016

We’re thrilled to announce that on January 12-13, 2016, the NSTIC National Program Office, with our colleagues here in NIST’s Information Technology Lab, will hold a technical workshop called ‘Applying Measurement Science in the Identity Ecosystem.’ Participants will collaborate about ways to measure and compare the performance of key solutions in the Identity Ecosystem, specifically:

  • Strength of identity proofing, both remote and in-person;
  • Strength of authentication with a focus on biometrics; and
  • Attribute confidence to assist in effective authorization decision making.

This two-day event at the NIST campus in Gaithersburg, Maryland, will bring together leading security practitioners, solution providers, experts, and policy makers from across sectors. With the growth of available solutions in the market, the NPO believes it’s now time to improve the science behind identity assurance—and that the agencies and industry will benefit from better tools to measure the performance of solutions.

NIST is shifting its focus to these issues at a vital time. Last October, President Obama’s Executive Order 13681 called for multi-factor authentication and effective identity proofing processes in federal agencies’ digital services that involve personal data. Emerging technologies, like those in mobile and biometrics, are poised to be game-changers in the way we think about identity and access management. Based on these innovations, the explosion of tools and techniques in the market, and the need to remain flexible in guidelines and standards, we believe metrics are a critical element of well-informed risk decisions. By aligning risk tolerance with a measure of strength in proofing and authentication– or attribute confidence– agencies can determine exactly what market solutions best can meet their needs.

In the coming months we will release a series of brief white papers addressing each of the primary focus areas for the workshop. With the white papers as a starting point, stakeholders will have an opportunity to provide critical feedback at this workshop and guide our next steps—which we envision will be critical inputs to federal guidance on each of these topics as well as international standards. To make these efforts meaningful we need engagement from a diverse array of stakeholders on how measurement science and risk practices can be aligned to help mitigate the cyber threats we all face today. Bring your solutions and your insight to the table and help us improve online identity!

Stay tuned for registration information on our new NSTIC events page and for the release of our white papers.

…and remember to follow us on Twitter!

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , | 2 Comments

Introducing the 3 newest members of the NSTIC pilots family!

The NSTIC pilots family is growing today with the announcement of three new pilot projects receiving NIST grants!

These projects will join the ranks of the 15 active NSTIC pilots and alumni that know all about catalyzing a marketplace of identity solutions. The NSTIC pilots family has done a great deal to seed the market, including:

  • Bringing together over 130 partner organizations in support of advancing the NSTIC across 10 major industry sectors;
  • Impacting approximately 2.3 million individuals;
  • Enabling 10 MFA solutions such as SMS text and multi-modal biometrics; and
  • Establishing or enhancing five commercial trust frameworks to facilitate interoperability of NSTIC-aligned credentials across sectors.

With a new round of NIST grant awardees, we have yet another opportunity to bring NSTIC-aligned solutions to the masses. This year’s additions are developing and deploying awesome, innovative solutions to address the toughest identity conundrums associated with everyday transactions; the pilots are aimed specifically at reducing tax refund theft, improving the security of medical information, and providing secure online storage for internet-of-things enabled devices.

This year’s selections show how we’re transitioning our pilots program to focus on filling more specific, critical gaps in the marketplace. In one of the federal funding opportunities (FFOs) we released earlier this year, we solicited projects with a focus on privacy-enhancing technologies since we’ve found privacy to be one of the most challenging NSTIC Guiding Principles for organizations to address. This more specific FFO followed a general solicitation for NSTIC-aligned solutions, which mirrored NSTIC FFOs of years past.

From submissions to these two FFOs, we at the NSTIC National Program Office selected three new pilot projects to push the boundary of identity management as it currently stands.

Without further ado, the grantees announced today are:

MorphoTrust USA (Billerica, Mass.: $1,005,168) MorphoTrust’s second NSTIC pilot grant will focus on preventing the theft of personal state tax refunds. Through MorphoTrust’s partnerships with multiple states, the project will show how to efficiently leverage trust created during the online driver licensing process (which includes enrollment, verification through biometric identification, authentication and validation, and issuance) in a scalable way to create trustworthy electronic IDs that individuals control.

HealthIDx (Alexandria, Va.: $813,922) HealthIDx proposes to deliver an innovative, privacy-enhancing technology that protects patients’ identity and information. This project will pilot a ‘triple blind’ technology in which medical service providers have no knowledge of which credential service provider an end-user chooses, credential service providers have no knowledge of which medical service provider the end-user is visiting, and the identity broker has no knowledge (nor retains any information) about the transaction’s parties or contents.

Galois, Inc. (Portland, Ore.: $ 1,856,778) Galois will build a tool to allow users to store and share personal information online. The user-centric personal data storage system relies on biometric-based authentication and will be built securely from the ground up. As part of the pilot, Galois will work with partners to develop just-in-time transit ticketing on smart phones and to integrate the secure system into an internet of things-enabled smart home.

NSTIC pilots aren’t just about executing on the descriptions above. These last few years, they have been vital in offering a commercial perspective on the Identity Ecosystem Framework to the Identity Ecosystem Steering Group, piloting the newly drafted Privacy Risk Management Framework for the privacy engineering team at NIST, and providing feedback for NIST publications, such as NISTIR 8054. We look forward to seeing these three 2015 pilots follow suit and advance the NSTIC. And with these three pilots addressing identity challenges in everyday transactions, we can’t wait to see entirely new groups of individuals benefit from the security, privacy, and convenience of NSTIC-aligned solutions.

We at the NSTIC NPO will be sure to keep you updated as these pilot projects unfold, so be sure to check our blog and twitter regularly for updates.

MorphoTrust, HealthIDx, and Galois: welcome to the family!

Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment

NIST civic hacking day challenge sparks the creation of an innovative new API

Multi-factor authentication (MFA) is near and dear to our hearts at NSTIC. We understand how important it is to the security and privacy of online transactions and we get excited about any opportunity to increase the awareness of—and encourage the adoption of—MFA. This is why we jumped at the opportunity to submit a challenge about MFA for the National Day of Civic Hacking earlier this summer.

NIST hosted a ‘Two Factor Frenzy’ challenge that called for a tool designed to show users which sites currently offer MFA that could be personalized based on their online habits. Two colleagues at Code HS in San Francisco joined forces to work on a solution for us: Kurt Hepler and John Kelly. Kurt and John both recently became interested in cybersecurity; Kurt is an avid coder who tutors students and teachers, and John is a programmer who changed his major at Berkeley from cognitive science to computer science when he realized he had a passion for it. This was their first time as civic hacking participants—and their first time building an API. They chose to work on our challenge because of the cybersecurity focus and the creativity we encouraged.

Kurt and John decided to build and launch a publicly available API that makes the data from www.twofactorauth.org (which compiles information about which websites support MFA) easier to access through a browser extension. The API can show internet users if the website they are visiting offers MFA—in hopes of adding simplicity and convenience for the user. They also expanded the API’s dataset to include even more information about the security of the websites being visited (e.g., if the website has phone call support, email support, and hardware token support).

The browser extension for Chrome and Firefox can be downloaded from the Chrome Web Store and at Add-ons for Firefox now. You can also look up if a website offers MFA on their website, Check This Site. Kurt and John are currently working on a way for others to be able to add information to their database as more sites adopt MFA—and say they already have a plan for how to make this work. Ultimately, they would like to allow the community to contribute so the tool is as useful, robust, and effective as possible.

Kurt has reasons for his passion on MFA. He says, “As we continue to spend more and more of our time online, the need for safer online practices becomes increasingly important. This is especially true when you think about how much personal information we share online. Whether we’re checking email or filing taxes, there’s a lot of info about us that we want to keep secure. To this end, MFA can have a huge impact on keeping us and our data safe. We hope that our project will be helpful in educating about and promoting these resources and practices.”

We at NSTIC appreciate that Kurt and John took the time to collaborate and come up with a solution to our challenge. This was the first time NIST participated in the National Day of Civic hacking, and we are really happy with how the event turned out. Tools like those developed in the hacking day challenge help advance the Identity Ecosystem and, in the case of our challenge, encourage service providers to offer MFA—which will make the online world more secure in the future… and will keep us happy in the meantime.

More information about the API is on ChallengePost (which includes additional links and screenshots).

…And remember to follow us on Twitter!

Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment

Goals of NSTIC past, present, and future: NCSA guest blog interview

Our friends at the National Cyber Security Alliance recently caught up with Mike Garcia, acting director of the NSTIC NPO, to jumpstart their new executive Q&A blog series! This interview will give you a glimpse into what the NSTIC NPO has accomplished in the last four years and what we’ve got planned in terms of catalyzing the marketplace in the future. Mike also talks about what the NPO is most proud of and how we’re changing things up a bit.

Spoiler alert: we’re honing in on impacts and outcomes while driving commercial adoption, federal adoption, and advancement in science, technology, and measurement science. Plus, we’ve launched a bunch of new developments, like NIST joining the FIDO Alliance, advancing our pilots program, and releasing the draft NIST IR 8062: Privacy Risk Management for Federal Information Systems, just to name a few. Check out the new NCSA blog post and follow us on Twitter for more updates in the future.

Plus: we’ll be participants in the NCSA Twitter chat about strong online authentication tomorrow – Thursday, July 16th at 3 p.m. ET. Follow the conversation using #ChatSTC.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Leave a comment

Fourth and goal: closing in on the Identity Ecosystem Framework

It’s certainly too early to spike the ball, but yesterday the Identity Ecosystem Steering Group (IDESG) met another milestone by approving the initial set of baseline requirements for the Identity Ecosystem Framework (IDEF). These requirements are a critical element to building the IDEF—which the IDESG has been chartered to establish and govern. As identified in the NSTIC, successful establishment of the IDEF is a must-have in the ongoing successful development of online commerce, government efficiency, and effective and efficient communication among and between individuals, the private sector, and the public sector. The baseline requirements were developed by IDESG work committees to address minimum requirements for Identity Ecosystem participants in four key areas: privacy, security and resiliency, interoperability, and user experience. These areas align directly with the committee structure of the IDESG and with the Guiding Principles of the NSTIC.

The requirements will serve as the basis for the IDESG’s Self-Assessment Program—which is targeted to be operational later this year. Under this scheme, identity service providers and relying parties will be able to self-assess their own policies, procedures, and operations to the baseline requirements and attest to conformance to them. The IDESG will offer a public listing service for those organizations that self-assess and determine conformance to the baseline requirements. The functional model, requirements, Trustmark program scope, and scoping statement will comprise the initial version of the IDEF as envisioned in the strategic plan.

The IDESG Privacy, Security, Standards, and User Experience Committees, along with the IDESG Framework Management Office, have been working hard to develop the baseline requirements since last year. The Self-Assessment Program is intended to enable those service providers to apply the requirements to their own operations to determine where they meet the requirements—and to identify areas that may need some focused attention in order to conform to the baseline in the future.

It’s important to note that the baseline requirements are currently in the form of a set of requirement statements; the IDESG working committees are currently developing supplemental information for each of the requirement statements to further clarify and explain the requirements (and how they can be met at this stage). The supplemental information is intended to help explain the requirements to all audiences, but, in particular, is intended to help guide those organizations that intend to perform self-assessments against the requirements later this year. This supplemental information will be part of IDEF v1 release later this year.

The next IDESG plenary will take place at the Tampa, Florida, on September 24 and 25—co-located with the Global Identity Summit. The IDESG looks to complete the remaining aspects of IDEF v1—supplemental guidance, scoping statement, and self-attestation and listing service—in time for approval at this upcoming plenary. Kudos to the IDESG for accomplishing this major milestone, and we are looking forward to advancing further downfield this summer and getting IDEF v1 into the end zone.

Follow the NSTIC NPO on Twitter for the latest updates.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | Leave a comment

NIST joins the FIDO Alliance

Recently NIST joined the FIDO Alliance under its newly-created government membership class. The FIDO Alliance was formed in July of 2012 and aims to bring easy-to-use, privacy-enhancing authentication devices to the consumer mass market. FIDO-based credentials are designed to provide an anonymous key without any publicly available serial number or central authority. The FIDO 1.0 specifications allow for strong, multifactor credentials, a major point of focus in the National Strategy for Trusted Identities in Cyberspace.

NIST, which is home to the National Program Office for implementing the NSTIC, is committed to bringing stronger authentication to individuals – which makes this new partnership a logical and exciting next step toward achieving its mission. “We are thrilled that FIDO is welcoming government participation in this industry-led initiative, and we look forward to supporting the development of future specifications. We see this as a great opportunity to advance work on both sides and to bring NIST’s capabilities to the FIDO table,” said Mike Garcia, acting director of the NSTIC NPO.

Being a member of the FIDO Alliance will help government strengthen its role as an early adopter of new identity solutions. “I can see a day in the near future when some consumers will start to insist on leveraging a FIDO-based authenticator to access government services through Connect.Gov,” added Paul Grassi, NSTIC standards and technology lead. This partnership will also support the work of the Identity Ecosystem Steering Group (IDESG) as the goals of each organization are extremely complementary. The IDESG is a private sector-led organization developing a framework of requirements and policies—leveraging existing industry standards—for interoperability across the Identity Ecosystem.

Executive director of the FIDO Alliance Brett McDowell said, “Cross-sector collaboration is vital to wide adoption of FIDO specifications, and we consider NIST an ideal government member. There is little doubt that the NSTIC, and the work of the NSTIC NPO, have had a direct and positive influence on several of the contributors in the FIDO Alliance, and I’m optimistic about the great things we can accomplish working together directly to promote stronger authentication.”

Follow the NSTIC NPO on Twitter for the latest updates.

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | 1 Comment

Summer homework: NIST welcomes comments until 7/31 on draft privacy risk management framework

Update: Deadline extended to 7/31 at 5:00 PM ET!

Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model.

In developing the PRMF, the team also created a privacy risk assessment methodology (PRAM) to leverage this new framework (appendix D in the report). Thanks go to the NSTIC pilots who decided to use the PRAM to support their alignment with the NSTIC privacy-enhancing and voluntary guiding principle and provide feedback. This effort reflects the cooperative and open process we value so highly with our stakeholders.

The PRMF is modeled after the NIST Risk Management Framework for managing cybersecurity risk and is intended to be a repeatable and measurable tool for improving the understanding, prioritization, and mitigation of privacy risks in information systems. However, more work needs to be done. The privacy engineering team is considering, for future work, how to provide guidance on the selection of technical, policy, and operational controls to address specific privacy risks.

NIST is soliciting input on the report through an open comment period. All feedback is welcome; particularly on the several specific questions for reviewers, available here. Please send all comments to privacyeng@nist.gov by July 31, 2015, at 5:00pm ET using the comment matrix provided.

We see the release of this draft report as a critical step in the process of how to address privacy concerns in the Identity Ecosystem in a more meaningful and consistent way. The public comment process is critical to building the best product possible – so please share the draft report far and wide and share your thoughts on it with us!

Posted in Uncategorized | Tagged , , , , , , , | Leave a comment

A Retrospective Look: Eating our own dog food with dogged determination

It can be hard to serve as an early adopter of new technology. It usually means having very few (or no) examples to demonstrate what to do…and what not to do. Being the guinea pig is no easy feat, but we at the NSTIC NPO are embracing the challenge since we believe this is vital to facilitating the commercial adoption of identity solutions. After all, the NSTIC was clear that building a healthy identity ecosystem would require government to eat its own dog food.

An example of the federal government working as an early adopter is the partnership with the NSTIC NPO, the General Services Administration (GSA), and the U.S. Postal Service (USPS). We worked closely together to develop an “easy button” for agencies to provide an NSTIC-aligned way to improve services to constituents. Enter Connect.Gov (previously known as the Federal Cloud Credentialing Exchange, or FCCX). Connect.Gov creates a secure, privacy-enhancing service that allows individuals to use a digital credential they may already have—and that they can ideally use online at non-government sites—to connect to online government services and applications. Connect.gov allows an individual to access multiple agency websites and online services by signing in with an approved third-party sign-in partner.

In a blog from 2013, Naomi Lefkovitz explained the challenges faced by the government as an early adopter of federated identity:

No matter the elegance and simplicity of federated identity as a concept, we all know that it has been much more complicated to put into practice. Some may view the federal government’s attempts as failures, but we believe that it takes an iterative process to get a complex initiative right.

Time has passed since that first blog—and we continue to get closer to completing this complex initiative. For example, we are learning about how to address the issue of liability by setting liability limits as part of the credential service provider contract. Figuring out if we have the model right will take time and require tweaking, but the result will be impactful. We also have learned that simple and scalable relying party (RP) integration continues to be a challenge; we need to make standardized tools available to RPs.

We still face many challenges, but overcoming them will make our successes even sweeter. Along the way, the program can be proud that it has already:

  1. Built a platform with innovative architectural design that preserves individuals’ privacy through collaboration with USPS, agency relying parties and technology providers;
  2. Integrated two certified credential service providers at level of assurance (LOA) 2 and 3 and three more at LOA1; and
  3. Entered soft-launch production with our first agency applications and have several additional production implementations on track by the end of the year.

As Connect.Gov continues to progress by on-boarding more agencies and enhancing its capabilities, the benefits to both the user and agencies will increase. Additionally, our team of GSA, NIST, and USPS already has an eye toward the future. We currently have a testable protocol for encrypted attributes in an effort to explore additional privacy-preserving hub architectures and have an RFI out as part of a collaborative process with industry to develop appropriate business models for federated identity services.

We have a lot to look forward to and a lot to be proud of. We are excited to see how this capability will enable stronger online transactions for users in an easy-to-use and privacy-preserving way.

To learn more about how Connect.Gov simplifies access, protects privacy, and provides choice, please click here.

Follow the NSTIC NPO on Twitter for the latest updates.


Posted in Uncategorized | Tagged , , , , , , , , | Leave a comment

A Retrospective Look: Smelling the roses in the IDESG

The Identity Ecosystem Steering Group (IDESG), now in its third year, is a key part of the National Strategy for Trusted Identities in Cyberspace (NSTIC). It serves as a forum to build the core set of rules and standards to promote privacy, security, interoperability, and ease of use for online services. I wouldn’t say IDESG meetings are exactly like standards development meetings, but they are similar in that much of the contention and dissention makes me sure of two things:

  1. There is some good old-fashioned policymaking going on, and
  2. Something that really matters must be on the agenda.

If we hit the pause button and take a moment to reflect, it turns out there’s some really promising forest amongst all those trees. In the IDESG in 2014, we saw a Strategic Plan that sets in place a broad series of outcomes and a Framework Development Plan that more granularly describes how the work would get done. Implicit—and sometimes explicit—in those documents are a thousand decisions IDESG members must collectively make. Colin Soutar, a consultant who has supported our office the last two years and was previously chair of the IDESG security committee, likes to remind us that, “nothing raises folks’ level of attention like the whiff of a decision being made.” These decisions and deadlines are the smelling salts of policymaking and cross-organizational collaboration.

What is great about the IDESG is that it offers a public-private sector forum with broad, open membership, no cost for entry, and global availability for all plenary and committee meetings (with time zone apologies to our IDESG members overseas). With a consensus process that gives everyone multiple opportunities to present solutions and provide feedback, the IDESG is set up to address tough issues and get sometimes contentious deliverables done right. The process is not always smooth, of course. Indeed, the bumps in the road are often the hallmark of an inclusive and exhaustive process that is working toward products and programs of real consequence.

As the IDESG evolves in its third year, we are seeing work on the Identity Ecosystem Framework (IDEF) progressing deliberately and in an organized manner. The IDEF is a foundational document that presents the core requirements and standards, functional model, and means to assess and recognize conformance for the participants of the Identity Ecosystem. As noted, the IDESG issued a Framework Development Plan last year that calls for the IDESG committees to work collaboratively to implement the IDEF and a self-assessment and attestation program later this year. If you’ve been paying close attention, you’ve seen the IDESG committees set a real cadence. Key to this progress is the IDESG Framework Management Office, which was established last year to be the focal point across the IDESG for all framework development efforts. This past September the IDESG held one of its most significant meetings to date—approving its functional model, a strategic plan, and a framework development plan. At its January meeting, the IDESG continued this progress, assessing draft IDEF requirements and welcoming a new Executive Director. The wheels are turning and the IDESG is most definitely accelerating its pace.

There is no question that the rest of 2015 will be critical for the IDESG to build on its current momentum and deliver on its goals, but what exactly should this look like? For my money, the most important question is whether the IDESG can stay focused on getting two key things done right:

  1. Getting requirements approved and standards adopted. Two of the most essential components of the Identity Ecosystem Framework are requirements and standards—a fact emphasized in both the Strategic Plan and the Framework Development Plan.
  2. Establishing a self-assessment and attestation program. While not the ultimate end-state of the IDESG recognition program, it is a critical step for the IDESG.

Accomplishing these two objectives this year should jumpstart the ability of multiple organizations and online service providers to identify and adopt trusted identity solutions and improve their delivery of secure, efficient, and privacy enhancing online services.

With the Framework Management Office in full swing and ushering these processes along, a full-time executive director, dedicated communication support, and streamlining of governance and approval processes underway, the IDESG has the structures in place to continue increasing the pace of progress in accomplishing its goals. So too must our expectations. We should all continue to drive deliverables to help the IDESG in its mission to develop the IDEF. The IDESG is better positioned for success than it has ever been before and with continued effort, sharp focus, and clear prioritization, the organization is poised to demonstrate tangible and valuable progress to its members, stakeholders, and the identity market as a whole.

So what’s in store for the IDESG in the near future? I believe we will see some major products, such as the Identity Ecosystem Framework (v.1) and the Self-Assessment and Attestation Program (v.1). And if progress continues to accelerate, we might just find the IDESG coming up roses in 2015.

If you’re at RSA, attend the IDESG/NIST joint event today! April 22, 4:00pm PT, Moscone South, Room 300. Read more here.

Register to join the Identity Ecosystem Steering Group here.

Follow the NSTIC NPO on Twitter for the latest updates.

Posted in Uncategorized | Tagged , , , , , , , , , , , | Leave a comment