White House Notes Progress of NSTIC

In an October 14, 2011 entry on the White House Blog, Cybersecurity Coordinator Howard Schmidt reports that the Federal Chief Information Officer has just issued a memorandum requiring Executive departments and agencies to “accept approved externally-issued credentials” as they upgrade certain websites.

Of particular note is the information that “Equifax, Google, PayPal, Symantec and Wave Systems” have all had “their credentialing solutions certified to meet Federal security and privacy requirements.”

Clearly implied, however, is disappointment that the private sector has not committed more fully to the National Strategy for Trusted Identities in Cyberspace:

To date, a handful of identity providers have undergone or are undergoing the Federal approval process. We are eager to see – particularly at the higher levels of credential assurance – a larger, vibrant pool of accredited identity providers to provide more choices for people and Federal agencies. … Now we look to the private sector to support our efforts and reap the collective benefits.

The full White House blog posting is appended, below.

 

The White House Blog

Advancing the National Strategy for Trusted Identities in Cyberspace: Government as Early Adopter

Posted by Howard A. Schmidt on October 14, 2011 at 05:32 PM EDT

When I last discussed the need for better digital credentials in this blog, the President had just signed the National Strategy for Trusted Identities in Cyberspace (NSTIC) to address two challenges that can affect economic growth online: (1) the insecurity and inconvenience of static passwords and (2) the cost of transactional risks that arise from the inability of individuals to prove their true identity online. The solution proposed by NSTIC is a user-centric “Identity Ecosystem” built on the foundation of private-sector identity providers.

Now the Administration has taken another key step towards realizing the vision of NSTIC. Our Federal Chief Information Officer (CIO), Steven VanRoekel, just issued a Memorandum for Chief Information Officers of Executive Departments and Agencies detailing requirements for accepting externally-issued digital credentials. Going forward, Executive Departments and Agencies must accept approved externally-issued credentials when they are upgrading or developing Level 1 websites (as defined by OMB Memorandum 04-04 and NIST SP 800-63) that allow members of the public and business partners to register or log on. In addition, websites requiring credentials with higher levels of assurance (Levels 2, 3 and 4) should also be enabled to accept approved externally-issued credentials where appropriate. In basic terms, this means that solutions from firms like Equifax, Google, PayPal, Symantec and Wave Systems – all of whom have had their credentialing solutions certified to meet Federal security and privacy requirements – can be trusted identity providers for certain types of Federal applications.

This memorandum marks a new day for Federal efficiency: a citizen who is a veteran, a college student and a taxpayer ought not to have to obtain separate digital credentials at each agency website, but instead should be able to use ones he or she already has – a university-issued credential for example – across sites hosted by the Departments of Veterans Affairs, Education and Treasury. Doing so allows the Federal government to streamline the customer experience and recognize real cost savings just when we need to be tightening our belts. Moreover, by using accredited identity providers, Federal agencies see to it that Americans’ information is treated with privacy and security online.

Yet the Federal government’s role in facilitating the growth of the Identity Ecosystem is only half the story. To date, a handful of identity providers have undergone or are undergoing the Federal approval process. We are eager to see – particularly at the higher levels of credential assurance – a larger, vibrant pool of accredited identity providers to provide more choices for people and Federal agencies. The Federal government has developed a viable framework for using federated digital credentials, and with this memorandum, taken a significant step towards creating a more efficient government that can meet the needs of the American people in the 21st century. Now we look to the private sector to support our efforts and reap the collective benefits.

Learn more about the Federal approval process and the Open Identity Solutions for Open Government and Federal Public Key Infrastructure initiatives, or contact icam@gsa.gov.

Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President

Please follow and like us:
error

Tags: , , , , ,

Leave a Reply

You must be logged in to post a comment.

Authors

Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Ryan D. White

Ryan D. WhiteRyan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Shelby E. Mann

Ryan D. WhiteShelby is a second year law student at the Syracuse University College of Law. She is the 2018-9 Editor in Chief of the Syracuse Law Review, as well as a member of the Journal on Terrorism and Security Analysis, and the senior editor for the Syrian Accountability Project. During her final year at the University of Missouri, she served as a full-time news producer for ABC 17 News. Shelby spent her first summer of law school at the Shelby County District Attorney General's Office in Memphis, Tenn., in the Public Corruption and Economic Crimes Unit. Full biography

Christopher w. FolkChristopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Anna Maria Castillo

Anna Maria Castillois 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Categories

RSS
Follow by Email
Facebook
LinkedIn