NSTIC doc outlines transition to privately led ID effort

The government's National Strategy for Trusted Identities in Cyberspace takes its most important step to date by releasing recommendations for turning the effort over to the private sector.
Written by John Fontana, Contributor

The strategy established by the Obama Administration to create a national digital identity infrastructure reached a significant milestone Tuesday as the government began handing the effort over to the private sector.

Jeremy Grant, who heads the National Strategy for Trusted Identities in Cyberspace (NSTIC), released recommendations for creating a NSTIC steering committee operated independent of the federal government. However, governments - state, local and federal - will get a seat within the committee.

The 51-page document, titled "Recommendations for Establishing an Identity Ecosystem Governance Structure" calls for creation of the steering group, its structure, representation and coordination with international groups.

"While NSTIC is a government initiative, the Identity Ecosystem it envisions must be led by the private sector," said Grant. "The recommendations we published today lay out a specific path to bring together all NSTIC stakeholders."

The goal of NSTIC, introduced in April 2011, is to create an "identity ecosystem" that provides secure identities for online transactions while limiting the disclosure of personal information. The system calls for both public and private accredited  identity providers and a choice of identity credentials.

The effort does not create a national ID card.

The steering group, expected to be formally established later this spring, will create policies and standards for that identity ecosystem framework as laid out by the NSTIC charter.

The framework includes interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms.

The recommendations document, introduced by NSTIC's stewards - The Department of Commerce and the National Institute of Standards and Technology (NIST) -  lays out in detail suggestions for the steering group's structure, including recommendations for governance models, voting methods, sub committees, stakeholder groups, the use of a consensus-driven process, and the need for openness and transparency.

Once the steering group is in place it is free to accept or reject any or all of the recommendations, which are a product of public input solicited last June by NSTIC.

The report recommends 14 initial stakeholder groups: Privacy and Civil Liberties; Usability & Human Factors; Consumer Advocates; U.S. Federal Government; U.S. State, Local, Tribal, and Territorial Government; Research; Development & Innovation, Identity & Attribute Providers; Interoperability, Information Technology Infrastructure; Regulated Industries; Small Business & Entrepreneurs; Security; Relying Parties; and Unaffiliated Individuals.

NSTIC plans to issue a Federal Funding Opportunity (FFO) in the next two weeks to seed the launch of the steering group and to provide ongoing secretarial, administrative and logistical support. Eventually, the group will have to create a way to self-fund its operation. Recommendations for that effort included transaction, accreditation or membership fees.

Just last week, NSTIC issued $10 million in FFO's to fund five to eight pilots focused on identity projects that support the NSTIC model, and it is currently soliciting proposals to fill those slots.

"Between the new NSTIC pilot program and our plan to help stakeholders create an identity ecosystem steering group, there should be no doubt that 2012 is going to be a big year for NSTIC," said Grant.

NSTIC plans to hold a workshop on March 15 to convene potential stakeholders, review the recommendations and jump-start establishment of the steering group.

It also plans to hold on Feb. 29 at the RSA Security Conference in San Francisco an update session that will feature Howard Schmidt, the White House cybersecurity coordinator.

Editorial standards