The Smart Card Alliance has endorsed the US Government’s National Strategy for Trusted Identities in Cyberspace (NSTIC), developed under the auspices of the President’s Cyberspace Policy Review by the National Security Staff and an interagency writing team.
“The NSTIC initiative correctly recognises that there are very real problems of identity management, privacy and security in our society, and brings a much needed focus on solving the problems,” says the Alliance. “Although its scope is limited to cyberspace, the framework it outlines would also establish essential foundational elements that can help to strengthen identity, privacy and security in healthcare, social security administration, immigration reform and other programs in the physical world.”
According to the Alliance, the NSTIC Framework is intentionally broad in scope, providing a wide range of trusted identity constructs and identity protection technologies. It says: “The framework is very pragmatic and practical in its approach, because it limits its role to being an enabler, facilitator and accelerator of the identity ecosystem development. There is a clear recognition that many different public and private stakeholders will be involved in working out the specifics of the framework and ultimately, using it.”
The Smart Card Alliance’s Healthcare and Identity Councils have prepared specific comments on the NSTIC framework draft. Among its comments, the Alliance states:
· It strongly agrees with the ideas of using federal, state and local government and academia programmes to accelerate development of the identity ecosystem, while leveraging existing procedures, standards and technologies such as FIPS 201 and the Federal Identity, Credentialing and Access Management Roadmap used to achieve Personal Identity Verification (PIV) and interoperability (PIV-I) in Homeland Security Presidential Directive (HSPD)-12.
· The highest priority should be first defining the identity ecosystem for the most trusted digital transactions based on an identity medium, because this part of the identity ecosystem can have the greatest positive impact on identity, security and privacy and it is also the least developed commercially and therefore needs the greatest attention and leadership.
· A suggested idea to make high-value identity transactions both secure and easy to use is the familiar approach of a card and PIN as an identity medium; however, to achieve high levels of security, the card must include smart card technology to carry PKI credentials, biometrics and other security features; other important advantages are that this would create a portable identity medium, and it provides a secure environment that is independent from the PC, thereby side-stepping issues involved with PC, website and service provider hacker threats.
The draft of the NSTIC document is available from www.nstic.ideascale.com
The Smart Card Alliance’s full comments can be viewed on its website