Public-facing government websites that require the use of federally-issued credentials put an undue burden on users, according to Federal Chief Information Officer Steven VanRoekel, who instructed agency CIOs in an Oct. 6 memo (.pdf) to begin accepting non-government, externally issued identity credentials.

The memo cites the National Institutes of Health's use of externally-issued credentials as a success story. NIH websites such as PubMed2, an NIH-managed website that comprises more than 20 million biomedical reference materials, have used externally-issued credentials for access since June 2010. More than 72 thousand non-government credentials have been used to access the site and NIH estimates the identity initiative will result in cost avoidance of more than $2.98 million over the next 4 years, writes VanRoekel.

Effective 90 days following final approval of at least one Trust Framework Provider--the General Services Administration and CIO Council approve Trust Framework Providers and will publish the approval dates on idmanagement.gov--agencies are to begin implementing the new requirement, according to the memo. In 3 years all agencies' "assurance Level 15 websites that allow members of the public and business partners to register or log on must be enabled to accept externally-issued credentials in accordance with government-wide requirements."

The memo reminds federal CIOs that the websites can only accept externally issued credentials that comply with National Institute of Standards and Technology guidelines and "CIO Council processes." The memo also includes a list of currently approved providers.

For more:
- see the OMB memo (.pdf)

Related Articles:
VA issued more than 157,000 flawed credentials, says IG 
Obstacles forestall HSPD-12 cards in logical access 
OASIS forms electronic identity credential technical committee 
NSTIC will require privacy legislation, say groups 
Q&A: Jeremy Grant on NSTIC implications for government IT