Reaching the point where identity solutions that apply to the healthcare sector could also be accepted in the area of financial services or other sectors continues to be a challenge for the Identity Ecosystem Steering Group.
Better identity management solutions could go a long way in encouraging electronic health record adoption among patients and providers nationwide, said a Health and Human Services Department official June 19. Many of the health information technology efforts spearheaded by HHS's Office of the National Coordinator for Health IT rely heavily on credentials and authentication.
An Obama administration effort to replace online passwords with an "identity ecosystem" led by the National Institute of Standards and Technology would receive $24.5 million under the White House budget proposal for the coming fiscal year.
The healthcare industry could greatly benefit from innovations in digital identity, said Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology. Rather than create a one-off solution specific to healthcare, the industry can leverage other work being done to support the National Strategy for Trusted Identities in Cyberspace.
Agency and department websites could one day soon leverage the same log-on information citizens use for online banking for government services, following a Feb. 7 GSA update to the Trust Framework Solution. Although it's often referred to as "guidance," the TFS (.pdf) isn't a mere suggestion, said Anil John, program manager for the trust framework solution.
Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework. In the final version of the framework released Feb. 12 – final only in the sense that it's version 1.0 of what NIST says will be a "living document" – NIST removed an appendix containing privacy controls included in earlier drafts.
The National Institute of Standards and Technology sees testing as critical to the formation of an identity ecosystem, as called for in the National Strategy for Trusted Identities in Cyberspace. On Jan. 16, NIST formally announced (.pdf) a federal funding opportunity for a third round of NSTIC pilots.
Funding for the National Institute of Standards and Technology this fiscal year under the omnibus federal funding bill signed into law by President Obama Jan. 17 will be better than in recent years past. The compromise funding bill (H.R. 3547) appropriates $850 million for NIST – not as much as the Commerce Department bureau's $928.3 million request, but $41 million above the enacted fiscal 2013 level, and well more than the $782.4 million it received in fiscal 2012.
The National Institute of Standards and Technology expects in late January to issue another federal funding opportunity for what would be the third round of pilots to implement the National Strategy for Trusted Identities in Cyberspace.
But as work on an identity ecosystem framework and associated accreditation schemes moves forward, NIST may not have to reinvent the wheel, says Grant in a Nov. 6 blog post. Because NSTIC is not prescriptive, requirements mapping may allow for the creation of an interim identity ecosystem, he says.