The Smart Card Alliance has announced its endorsement of the Obama Administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC), developed under the President’s Cyberspace Policy Review by the National Security Staff and an interagency writing team. The NSTIC initiative addresses the problems of Web-based identity management.
The SCA strongly agrees with the NSTIC’s ideas of using federal, state and local government and academia programs to accelerate development of the identity ecosystem, while leveraging existing procedures, standards and technologies such as FIPS 201 and the Federal Identity, Credentialing and Access Management Roadmap.
The SCA adds that the highest priority should be defining the identity ecosystem for the most trusted digital transactions based on an identity medium, since this part of the ecosystem can have the greatest positive impact on identity, security and privacy and it is also the least developed commercially and therefore needs the greatest attention and leadership.
The alliance also suggests using smart card technology to carry PKI credentials, biometrics and other security features to create a portable identity medium and provide a secure environment that is independent from the PC, thereby side-stepping hacker threats.
The NSTIC document explains that the need for such a strategy is due to the rising tide of identity theft, online fraud and cyber intrusions, the proliferation of user names and passwords that individuals must remember, and the need to deliver online services more securely and efficiently. The NSTIC’s framework mentions smart card technology as the kind of technology appropriate for an identity medium, or a personal security device to protect identities in online transactions and prevent others from stealing or misusing them.
The current final draft is posted here for public review and input until July 19.