Get Email UpdatesSign up below to receive free Trusted Identities Group blog updates.
- From public preview to public draft: SP 800-63 is open for comment!
- Making Privacy Concrete (Three Words Not Usually Found Together)
- 2016 Year in Review: (TIG-ing stock of) Innovation in the Identity Ecosystem
- SOFA Talk: Strength of Function for Authenticators Framework Now Open for Comment!
- Got trust? Seeking public comment on new NIST publication for developing trust frameworks to support identity federation
February 2017 M T W T F S S « Jan 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
Tag Archives: Pilots
Most in the IT space won’t know this, but NIST has one of the world’s best concrete engineering programs. Maybe we just have concrete on the mind since a couple of us in the office are doing house renovations, but with today’s publication of the NIST Internal Report 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems (NISTIR 8062), we are taking a page from the concrete folks’ book with a document that we believe hardens the way we treat privacy, moving us one step closer to making privacy more science than art. NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems. Continue reading
When you think about 2016, the first thing that comes to mind is innovation in the identity ecosystem. That can’t just be us, right? While there has been a host of high-profile bad things that happened in digital identity this year, we try to keep our eyes on the prize. And there’s been a lot of progress toward the long-term goal. Continue reading
As the sun was setting on the thirtieth modern Olympiad in London, NIST was preparing to announce our very first set of NSTIC pilot projects. As the flame goes out in Rio, we’re setting new records. In our largest pilot announcement to date, today NIST is proud to add six new projects to our ranks and bring the total number of projects to 24. Continue reading
Last week in New Orleans, the Identity Ecosystem Steering Group (IDESG) launched the Identity Ecosystem Framework (IDEF) Registry and publicly listed the first four organizations to self-attest. At the 17th IDESG plenary meeting, these organizations presented their experiences – emphasizing the business benefit of publicly showcasing their dedication to trusted digital identity solutions. They also shared the ease of self-attestation, thanks to the IDESG’s concierge that assists Registry applicants. Continue reading
It’s a little hard to believe, but today marks the 5th anniversary of the NSTIC, the strategy for achieving trusted digital identities in a private sector-led identity ecosystem. Let’s take a glimpse back in time to where we were five years ago:
It’s 2011. Most (79%) American adults use the Internet. The average user needs 10 different passwords for their daily online activity, according to a UK study, and 3 out of 4 Americans don’t use sufficiently strong passwords for their most sensitive accounts. It’s also a year of unprecedented data breaches. In fact, “2011 boasts the second-highest data loss since [Verizon] started keeping track in 2004,” with 855 incidents and 174 million compromised records. Some companies are getting more aggressive in pursuing better security; 2011 is the year Google released two-factor authentication (2FA). While companies are beginning to adopt more secure solutions, they’re still uncommon, even in services with the most sensitive data: in 2011, only 35% of non-Federal short-term care hospitals have the capability for 2FA. Continue reading
Say you’ve just had a procedure done at a hospital. This means new electronic medical records – but it likely also means a new account and yet another password to remember. When your healthcare team includes primary care physicians, dentists, allergists, and more, the number of accounts you have to remember can really add up. Continue reading
Happy Data Privacy Day! According to a recent survey of young Americans by Harvard’s Institute of Politics, 65% of respondents said they were “very concerned” about technology companies collecting digital information from their phone or computer. While it’s only January, that level of concern suggests privacy will continue to have a place in the national conversation throughout 2016. Continue reading
A recent McKinsey report found that the critical drivers of customer satisfaction with state government services are: fast, simple, and efficient processes; the availability of online options for completing interactions; and the transparency of information. Secure and convenient digital access to online state services can make a genuine difference to beneficiaries—that’s why these providers need to both deliver solutions and protect against fraud—while safeguarding personal information from malicious actors. Continue reading
When the Identity Ecosystem Steering Group (IDESG) plenary convened last week in Tampa, Florida, attendees meant business. By Friday afternoon, committees had finalized the baseline requirements and supplemental guidance for v1 of the Identity Ecosystem Framework (IDEF). Now the plenary stands in recess with the IDESG on track for a major milestone: completion of the IDEFv1, set for public release on October 20th! Continue reading
Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model. Continue reading