The healthcare industry could greatly benefit from innovations in digital identity, said Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology. Rather than create a one-off solution specific to healthcare, the industry can leverage other work being done to support the National Strategy for Trusted Identities in Cyberspace.
Agency and department websites could one day soon leverage the same log-on information citizens use for online banking for government services, following a Feb. 7 GSA update to the Trust Framework Solution. Although it's often referred to as "guidance," the TFS (.pdf) isn't a mere suggestion, said Anil John, program manager for the trust framework solution.
Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework. In the final version of the framework released Feb. 12 – final only in the sense that it's version 1.0 of what NIST says will be a "living document" – NIST removed an appendix containing privacy controls included in earlier drafts.
The National Institute of Standards and Technology sees testing as critical to the formation of an identity ecosystem, as called for in the National Strategy for Trusted Identities in Cyberspace. On Jan. 16, NIST formally announced (.pdf) a federal funding opportunity for a third round of NSTIC pilots.
Funding for the National Institute of Standards and Technology this fiscal year under the omnibus federal funding bill signed into law by President Obama Jan. 17 will be better than in recent years past. The compromise funding bill (H.R. 3547) appropriates $850 million for NIST – not as much as the Commerce Department bureau's $928.3 million request, but $41 million above the enacted fiscal 2013 level, and well more than the $782.4 million it received in fiscal 2012.
The National Institute of Standards and Technology expects in late January to issue another federal funding opportunity for what would be the third round of pilots to implement the National Strategy for Trusted Identities in Cyberspace.
But as work on an identity ecosystem framework and associated accreditation schemes moves forward, NIST may not have to reinvent the wheel, says Grant in a Nov. 6 blog post. Because NSTIC is not prescriptive, requirements mapping may allow for the creation of an interim identity ecosystem, he says.
The Federal Cloud Credential Exchange will reduce the complexity of credentialing, speed up integration with identity providers, improve consumer privacy and ease of use, and cut agency authentication costs, said Douglas Glair, manager of digital partnerships and alliances at the Postal Service, during a recent presentation. The FCCX will serve as a single broker to authenticate consumers, so end-users won't have to obtain a new credential each time they interact with an agency application, he added.
The National Institute of Standards and Technology awarded $7 million in grants that will support five identity protection and verification pilots in support of National Strategy for Trusted Identities in Cyberspace implementation. The grants will further the work of multi-year NSTIC pilots that were first unveiled in September 2012.
The Postal Service awarded Aug. 20 a $15 million contract to stand up a Federal Cloud Credential Exchange. The one-year pilot will create an authentication infrastructure that enables individuals to securely access online services at multiple federal agencies.