2016 digital identity progress released by TIG, formerly NSTIC
Newly renamed Trusted Identities Group (TIG) outlines future initiatives
03 January, 2017
First there was NSTIC, then the NPO and now we have TIG.
NSTIC leader Mike Garcia recapped 2016 progress in digital identity in a post on the NSTIC blog. When established, NSTIC had a 10-year implementation timeframe. At the midpoint, he says, “we are tracking well to the benchmarks established in the strategy.”
So what is TIG?
NIST’s Trusted Identities Group (TIG) is the rebranded National Program Office (NPO). In essence, it is the entity overseeing the implementation of the NSTIC ‘strategy.’ The TIG administers the grant programs that enable private sector led pilots in digital identity. It also takes a lead role in the development of guidance and specifications to help advance “measurement science, technology, and standards adoption to improve digital identity.”
What was accomplished in 2016 through the efforts of the TIG?
- The largest pilot award to date saw six new projects funded, bringing the total to 24. Projects helped states ease citizen access to online services, issue mobile driver licenses and improve access to health records.
- Eight publications were produced on topics ranging from attribute metadata to trust frameworks to developing trust frameworks to support identity federations.
- SP 800-63-3: Digital Identity Guideline was updated to better align with Executive Order 13681, market advancements and the international community.
- Strong growth was seen in adoption of solutions from previous pilots program, “which (as of just September 30) has impacted more than 6.7 million individuals across 12 sectors.”
- A new initiative aimed at quantifying the relative strength of various authentication factors launched. The first Strength of Function for Authenticators (SOFA) draft focused on biometric authenticators and thus was named SOFA-B. The SOFA framework is based on “three core concepts: False Match Rate, Presentation Attack Detection Error Rate (spoof detection), and Effort, that is, what it takes to break a system.”
Additionally worth noting is the IDESG’s launch of the registry for the Identity Ecosystem Framework, called the IDEF Registry.
What is in store for 2017 from the TIG?
To begin, they will work with agencies to implement the changes in SP 800-63-3. This suggests that TIG will actively work to help agencies deploy secure authentication for citizen-to-government transactions.
According to Garcia, “we’re working with our sibling group, the National Cybersecurity Center of Excellence (NCCoE), to launch an effort to make the great solutions in the market and the great progress we’ve made on standards and guidance real and easily implementable for agencies and industry alike.”
They will also develop an implementation guide to SP 800-63 to help bridge the gap between guidance and application of the guidance.
Additionally, TIG will recap how the market has changed since the NSTIC was released in 2011, along with our roadmap for continuing the momentum over the next five years.
No word of new pilots or funding for 2017 has been announced.
Check out the full article at the TIG blog.