[LINK] US: Advancing the National Strategy for Trusted Identities in Cyberspace: Government as Early Adopter
Marghanita da Cruz
marghanita at ramin.com.au
Mon Oct 17 17:30:15 AEDT 2011
> When I last discussed the need for better digital credentials in this blog, the President had just signed the National Strategy for Trusted Identities in Cyberspace (NSTIC) to address two challenges that can affect economic growth online: (1) the insecurity and inconvenience of static passwords and (2) the cost of transactional risks that arise from the inability of individuals to prove their true identity online. The solution proposed by NSTIC is a user-centric “Identity Ecosystem” built on the foundation of private-sector identity providers.
> Now the Administration has taken another key step towards realizing the vision of NSTIC. Our Federal Chief Information Officer (CIO), Steven VanRoekel, just issued a Memorandum for Chief Information Officers of Executive Departments and Agencies detailing requirements for accepting externally-issued digital credentials. Going forward, Executive Departments and Agencies must accept approved externally-issued credentials when they are upgrading or developing Level 1 websites (as defined by OMB Memorandum 04-04 and NIST SP 800-63) that allow members of the public and business partners to register or log on. In addition, websites requiring credentials with higher levels of assurance (Levels 2, 3 and 4) should also be enabled to accept approved externally-issued credentials where appropriate. In basic terms, this means that solutions from firms like Equifax, Google, PayPal, Symantec and Wave Systems – all of whom have had their credentialing solutions certified to meet Federal
security and privacy requirements – can be trusted identity providers for certain types of Federal applications.
Marghanita da Cruz
More information about the Link