Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- Mic Drop — Announcing the New Special Publication 800-63 Suite!
- REGISTER NOW – Privacy Risk Assessment: Prerequisite for Privacy Risk Management Workshop
- A minor plot twist: Comment period extended for PART of SP 800-63-3
- Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3
- Build Trust and Verify: New funding opportunity to assess our state pilots!
Author Archives: Naomi Lefkovitz
We are pleased to announce the next workshop in NIST’s ongoing series on privacy engineering and risk management – Privacy Risk Assessment: A Prerequisite for Privacy Risk Management, to be held in Gaithersburg, Maryland, on June 5, 2017. Registration is open now! Continue reading
We’re pleased to announce that on September 8, 2016, NIST and the Department of Transportation will hold a technical workshop on the next steps for NIST Special Publication 800-53, Appendix J…and registration is now open! Workshop participation from security and privacy engineers, privacy subject matter experts, and Senior Agency Officials for Privacy (SAOPs) is imperative for this workshop to be a success, so we encourage experts in these areas to register and attend. However, everyone is welcome so please feel free to join us if you are interested in the design of privacy protections in federal information systems. Continue reading
Happy Data Privacy Day! According to a recent survey of young Americans by Harvard’s Institute of Politics, 65% of respondents said they were “very concerned” about technology companies collecting digital information from their phone or computer. While it’s only January, that level of concern suggests privacy will continue to have a place in the national conversation throughout 2016. Continue reading
Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model. Continue reading
In recent months, there’s been much talk about the idea of companies competing on privacy. In theory, this sounds great. Consumers can make choices based on their privacy preferences, and the marketplace will respond. In practice, there are some significant … Continue reading
On Data Privacy Day, the NSTIC National Program Office is taking some time to reflect on our own efforts to improve privacy online. Fulfilling the promise of enhanced privacy is a critical element of building trusted interaction online. The first of the Strategy’s guiding principles, finding new solutions that are privacy-enhancing and voluntary has been a key driver of pilot project selection and the NPO’s work to drive innovative approaches to online identity. One of the primary methods for improving privacy we have been encouraging is the use of privacy-enhancing technologies (PETs) – a topic I will be discussing at the upcoming RSA Conference, in a P2P session – Privacy-enhancing Technologies: Pipe Dream or Unfulfilled Promise? Continue reading
Back in February, if you read our post on Putting the Fed in Federation: The U.S. Government as Early Adopter of the Identity Ecosystem and thought “when pigs fly,” you probably weren’t alone. But with the announcement that the United States Postal Service (USPS) has awarded SecureKey Technologies with a contract to stand up the Federal Cloud Credential Exchange (FCCX), you might just want to keep your eye on the horizon. Continue reading
At the NSTIC National Program Office (NPO), we have a three-prong plan for transforming the National Strategy for Trusted Identities in Cyberspace (NSTIC) from paper to reality. Initiate a steering group of all stakeholders to govern the Identity Ecosystem. Check. … Continue reading