NSTIC-led ID plan earmarks $4 million to secure state government services

Summary:NSTIC and the Office of Management and Budget hope secure ID credentials add security, accuracy, speed to state, local government benefit programs online.

The two-year-old initiative to create an identity layer for the internet is backing a set of projects aimed at creating identity-based security to support state and local government services online.

The National Program Office (NPO) of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is working with the Office of Management and Budget (OMB) to fund at least two projects that would split up to $4 million and be aimed at developing verification systems to support citizen access to any number of services or agencies. A call for project proposals will go out in the next 45 days.

The projects eventually selected will be aimed at showcasing integration with the NSTIC "identity ecosystem". Selection will favor projects that "demonstrate the potential for interoperability of an identity credential from a private identity provider with both state and federal programs".

The idea is that a secure credential will not only facilitate use of services, but stimulate efforts to bring more services online and to make all services more secure. The hope is that the secure credential will integrate across agencies, speed up activation of services, and help track that the proper payments make it to the correct citizens.

This is the second round of pilot programs NSTIC has launched this year. The earlier round, which drew 70 respondents, was a general call for plans to help build out NSTIC's proposed identity ecosystem.

In September 2012, the initial set of NSTIC pilot grants awarded $9 million to five projects . The projects include a program within the Commonwealth of Virginia for creating a shared authentication across state agencies .

These new specific state and local government pilots will be funded by the OMB's Partnership Fund for Program Integrity Innovation, which is a federal program established by Congress in 2010.

The fund enables federal, state, local, and tribal agencies to pilot ideas for improving assistance programs in a controlled environment. NSTIC thinks state governments add value to its identity ecosystem strategy not only as credential providers, so-called identity providers (IdP), but also, more importantly, as relying parties.

Relying parties are those sites that agree to trust credentials issued by an IdP. To date, it has been difficult finding sites and organizations willing to be relying parties.

There are other major hurdles involved in injecting identity into public benefits programs, including privacy, data storage, and high costs.

As part of the NSTIC-OMB announcement, the pair gave these examples of issues that need to be addressed in any state government program:

  • Concerns about applicant and beneficiary privacy, such as concerns that identity proofing techniques may be too intrusive, as well as concerns that data collected will be inappropriately shared with other programs or parties.

  • Difficulties conducting identity proofing and ensuring that commonly used identity proofing approaches can adequately cover the beneficiary population.

  • High per-user costs of many identity solutions, some of which even exceed the budgets of agencies, particularly when the solution would only be used in a single service, as well as challenges demonstrating the ability to show how costs could be recovered.

  • Security challenges faced by some states in demonstrating an ability to securely store sensitive information.

NSTIC hopes that the pilot program will produce trusted online credentials that meet its four guiding principles — that identity solutions be privacy enhancing and voluntary; secure and resilient; interoperable; and cost effective and easy to use.

Topics: Government, Privacy, Security

About

John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, as well as, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five y... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.