SlideShare a Scribd company logo

NSTC Executive Summary on Federal Identity Management

Duane Blackburn
Duane Blackburn

The National Science and Technology Council's Task Force on Identity Management was established to assess the current state of identity management (IdM) across the US federal government and develop a vision for the future. The Task Force found that over 3,000 federal systems currently utilize personally identifiable information in an inconsistent and duplicative manner. Their vision calls for a federated network to securely manage digital identities using common data standards. This would enhance accuracy, availability, and privacy while reducing duplication. The Task Force provided recommendations in areas like standards, architecture, research needs, and government-wide coordination to advance toward this holistic IdM framework.

1 of 11
Download to read offline
EXECUTIVE SUMMARY
About the National Science and Technology Council The National Science and Technology Council (NSTC) was established by executive order Nov. 23, 1993. This Cabinet-level Council is the principal means within the executive branch to coordinate science and technology policy across the diverse entities that make up the federal research and development enterprise. Chaired by the President, the NSTC is made up of the Vice President, the Director of the Office of Science and Technology Policy, Cabinet Secretaries and Agency Heads with significant science and technology responsibilities, and other White House officials. A primary objective of the NSTC is the establishment of clear national goals for federal science and technology investments in a broad array of areas spanning virtually all mission areas of the executive branch. The Council prepares research and development strategies that are coordinated across federal agencies to form investment packages aimed at accomplishing multiple national goals. The Subcommittee on Biometrics and Identity Management was chartered by the National Science and Technology Council (NSTC) Committee on Technol- ogy (COT) and has been in operation since 2003. The purpose of the Subcommit- tee is to advise and assist the COT, NSTC, and other coordination bodies of the Executive Office of the President on policies, procedures, and plans for federally sponsored biometric and Identity Management (IdM) activities. The Subcommit- tee facilitates a strong, coordinated effort across federal agencies to identify and address important policy issues, as well as researching, testing, standards, privacy, and outreach needs. The Subcommittee chartered this Task Force to assess the sta- tus of and challenges related to IdM technologies and to develop recommenda- tions regarding the federal government’s science and technology needs in this area. Additional information about the Subcommittee is available at www.biometrics.gov.
Acknowledgements The Task Force would like to thank the following individuals for contri- buting to its success: • Duane Blackburn (Office of Science and Technology Policy) for his vision to establish the Task Force and to populate it with individuals with such varying foci; • Jim Dray (National Institute of Standards and Technology) and Judith Spencer (General Services Administration) for effectively managing the Task Force through six months of weekly meetings; • FBI contractors Michelle Johnson (BRTRC) and Martin Harding (BRTRC) for managing the administrative aspects of the Task Force; • James Ennis (State), Deborah Gallagher (DHS), William Gravell (DOD), Niels Quist (DOJ), and Bill Brykczynski (STPI) for chairing the Task Force’s subordinate working teams; • William Gravell (DOD) for the innumerable hours he personally devoted to massaging the views of the Task Force members into a cohesive, agree- able description in this report; • Karen Evans (OMB), Carol Bales (OMB), and the members of the CIO Council, for their assistance in identifying the current status of IdM in the federal government; • The staff at the Science and Technology Policy Institute (under contract to OSTP), for analyzing data received from the CIO Council; • The staff at BRTRC, Inc., (under contract to FBI) for editing and graphics support; and • The IDM Task Force members, who provided input and contributed a sig- nificant amount of their time over the course of the six-month effort, are listed in Annex B.
CONTENTS EXECUTIVE SUMMARY........................................................................................ ES-1
EXECUTIVE SUMMARY Introduction Identity Management (IdM) has existed throughout history to serve both public and private purposes. It has continuously evolved to match changing opera- tional needs, to take advantage of new capabilities, and to stay consistent with the societal conventions of the day. The most recent advancement in IdM has been its transition into the modern digital world, which has provided a wealth of previous- ly impossible capabilities to support both security and convenience needs. Digital IdM systems are becoming increasingly commonplace, and their explosive growth is expected to continue. For the purposes of this Task Force, Identity Management means “the combination of technical systems, rules, and procedures that define the owner- ship, utilization, and safeguarding of personal identity information. The primary goal of the IdM process is to assign attributes to a digital identity and to connect that identity to an individual.” The terms of reference for this Task Force are at Annex A. To date, this growth has been driven by the need to meet independent mis- sion needs (including both screening applications and access control). As these missions continue to expand, overlaps across missions will become more and more pervasive. This is an undeniable truth, as all IdM systems relate back to an individual — actions taken within one system will potentially impact data and/or decisions in other systems. A holistic, cross-mission analysis and planning cycle has not previously been performed, presumably because of the tremendous scope of the task and the duty’s inherent social sensitivity. This daunting task was as- ES-1
signed to the National Science and Technology Council’s (NSTC) Task Force on Identity Management (Task Force), as a continuation of independently developed and managed government IdM systems will encounter operational, technological, and privacy issues that will become increasingly difficult to manage. The Task Force’s scope was limited to federal government systems, with the full understanding that these systems frequently rely on and impact IdM sys- tems beyond federal control. This report presents an overview of the current state of federal IdM systems and also presents a high-level vision of how these systems can be holistically designed to provide better services while increasing privacy protection. The purpose of this report is to initiate further discussion on this vi- sion, inform policy decisions, and provide direction on which to base near-term research. Task Force Work The Task Force was chartered to study federal IdM over a six-month pe- riod, with a broad range of representation from different government missions, and was given three primary tasks: • Provide an assessment of the current state of IdM in the U.S. gov- ernment; • Develop a vision for how IdM should operate in the future; • Develop first-step recommendations on how to advance toward this vision. The Task Force undertook two overlapping approaches to determine the current state of IdM in the U.S. government, a detailed assessment of publicly available Privacy Impact Assessments and an OMB-issued survey to the Federal Chief Information Officers’ Council. The combined analysis showed that there are more than 3,000 systems within the U.S. government that utilize Personally Iden- tifiable Information (PII), and the vast majority of these were designed and are managed independently from one another. These facts contribute to several issues with the current state: ES-2
• Duplicative identity data is often stored in multiple locations with- in the same agency, as well as across agencies, causing a negative impact on accuracy and complicating an individual’s attempt at re- dress; • A lack of commonly used standards makes appropriate cross- function collaboration difficult, thus impacting both time-sensitive mission needs as well as reducing personal privacy; • Privacy protection efforts vary in complexity across agencies; • There is no single government-wide forum responsible for coordi- nating and homogenizing IdM efforts across the U.S. government. The IdM Task Force’s vision for the future is a substantially more orga- nized Identity Management framework. A fundamental precept for this vision is a realization that not all PII is created equal. Some PII will be useful for broad range of applications, while others are only useful within the context of a specific application and should not be shared outside that application. PII within both of these categories also have varying levels of sensitivity and should be managed accordingly. The Task Force’s vision includes a federated approach for leveraging broad-use PII elements to maximize accuracy, availability, privacy protection, and management of this data. Individual applications would access this data through a network grid, which can be established using common technical standards and policies to ensure appropriate use and control. Once verified, broad-use PII can be augmented with application-specific PII in order to make operational decisions. To this end, we make the following assumptions: • Identity and the management of all the personal identifiable quali- ties of identity information are considered a critical asset in sustaining our security posture; • To the extent available and practicable, a very high confidence in an asserted identity is recommended as the basis for authorization for access to government applications regardless of assurance level re- ES-3
quired. For example, Personal Identity Verification (PIV) credentials required by HSPD-12 and used by federal employees and contractors are available and provide for a very high level of confidence and could be used for accessing all applications — even those requiring lower levels of assurance; • There is an expectation that revocation of identity data and the re- lated authorizations are executed in accordance with government-wide standards throughout all applications (whether used to support logical or physical access); • There is an understanding that management and protection of iden- tity is not the responsibility of any one or a few federal agencies, but rather the responsibility of all federal agencies to enable. Identity is a component of each and every transaction. If one federal agency fails to carry out their responsibility, access to our networks and facilities will be significantly jeopardized. Several top-level goals and characteristics for the government’s proposed state of IdM can thus be described as: • Configuration and operation of a “network of networks” to secure- ly manage digital identities, based on a set of common data ele- ments for stored PII that will allow it to be leveraged by a broad range of applications; • Security of process, data transmission, and storage; this includes and embraces all features of confidentiality, integrity, authenticity, and privacy, including use of encryption and multifactor authenti- cation; • Auditability of processes, with complete, automatic, and secure record keeping; • Ubiquitous availability, at global distances, of strong verification of stored digital identity when called for or needed to support an authorized application; • Standards-based connectivity, interoperability, and extensibility of supporting IT architecture; ES-4
• Preservation of application-specific PII data under control of appli- cation sponsors, with minimal exposure to unauthorized access or unnecessary transmission across networks; • Ability of prospective application sponsors to develop, install, and operate applications in a way that permits the supporting IT grid to be seen as a freely available, ubiquitous service. The above elements form the tenets of a strategy to manage and protect identity within all federal agencies. Anticipated benefits over the current state in- clude: • Enhanced accuracy and management of PII that is used by multiple applications; • Clear separation of application-specific PII and tighter controls to ensure this information isn’t shared across domains; • A uniform, more transparent approach of handling PII; • Minimization of duplicative efforts to generate, maintain, and sa- feguard PII; • Providing the government a better understanding of and ability to macro-manage its IdM activities. This report offers a set of recommendations (see Section 4) organized into specific subject areas as follows: • Standards and Guidance; • Architecture; • Science and Technology Considerations; • Government-wide Coordination. The Science and Technology recommendations may be acted upon imme- diately, as the success of those efforts will impact further analyses and policymak- ing required to provide depth and direction to the Task Force’s initial vision. ES-5
Toward that end, the Task Force recommends an enduring IdM forum to visualize and address IdManagement issues holistically, in policy and technology. This process should seek to frame the governmental agenda in this broad area, inform the standards and guidance development activities, and guide the further refine- ment of the IdM architecture. In so doing, it should guide activities that will ex- pand and refine our total understanding and support the development of consensus within an informed public regarding the whole range of IdManagement issues and opportunities within the federal enterprise. Conclusion It is important to note that the Task Force does not see this report as being the “final” analysis of the IdM needs of the federal government, nor is it consi- dered to be a comprehensive treatment of the subject in a level of detail sufficient to determine formal policy. Rather, it is an initial study that provides a common foundation and vision on which to base future research, discussions, studies, and, eventually, policymaking. The Task Force aimed to make this report as intellec- tually comprehensive as possible within available time and resources, seeking, above all, to recognize and treat IdM in its full dimensions, including its growing importance to the conduct of government. In contemplating the current state of IdM in the federal government, and thinking about the future direction, one may paraphrase Winston Churchill: “It is not the end, nor even the beginning of the end; but it is, perhaps, the end of the beginning…” ES-6
The complete Task Force report is now available online at two locations: http://www.ostp.gov/cs/nstc/documents_reports and http://www.biometrics.gov/NSTC/Publications.aspx ES-7

Recommended

Gao privacy updates
Gao privacy updatesGao privacy updates
Gao privacy updatesInes Mergel
 
Privacy trends 2011
Privacy trends 2011Privacy trends 2011
Privacy trends 2011Vladimir Matviychuk
 
A Methodology for Managing Large-Scale IT Projects
A Methodology for Managing Large-Scale IT ProjectsA Methodology for Managing Large-Scale IT Projects
A Methodology for Managing Large-Scale IT ProjectsArab Federation for Digital Economy
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E HewittErrol Hewitt. MSCP, BA
 
Information Policy: Public Sector Information
Information Policy: Public Sector InformationInformation Policy: Public Sector Information
Information Policy: Public Sector InformationLaurieTewksbury
 
BCC 2007 - NSTC
BCC 2007 - NSTCBCC 2007 - NSTC
BCC 2007 - NSTCDuane Blackburn
 
Marriage of Cyber Security with Emergency Management -- Action Plan
Marriage of Cyber Security with Emergency Management -- Action PlanMarriage of Cyber Security with Emergency Management -- Action Plan
Marriage of Cyber Security with Emergency Management -- Action PlanDavid Sweigert
 
Information policy sunil sir
Information policy sunil sirInformation policy sunil sir
Information policy sunil sirbgshalini
 

Recommended

Gao privacy updates
Gao privacy updatesGao privacy updates
Gao privacy updatesInes Mergel
 
Privacy trends 2011
Privacy trends 2011Privacy trends 2011
Privacy trends 2011Vladimir Matviychuk
 
A Methodology for Managing Large-Scale IT Projects
A Methodology for Managing Large-Scale IT ProjectsA Methodology for Managing Large-Scale IT Projects
A Methodology for Managing Large-Scale IT ProjectsArab Federation for Digital Economy
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E HewittErrol Hewitt. MSCP, BA
 
Information Policy: Public Sector Information
Information Policy: Public Sector InformationInformation Policy: Public Sector Information
Information Policy: Public Sector InformationLaurieTewksbury
 
BCC 2007 - NSTC
BCC 2007 - NSTCBCC 2007 - NSTC
BCC 2007 - NSTCDuane Blackburn
 
Marriage of Cyber Security with Emergency Management -- Action Plan
Marriage of Cyber Security with Emergency Management -- Action PlanMarriage of Cyber Security with Emergency Management -- Action Plan
Marriage of Cyber Security with Emergency Management -- Action PlanDavid Sweigert
 
Information policy sunil sir
Information policy sunil sirInformation policy sunil sir
Information policy sunil sirbgshalini
 
BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsDuane Blackburn
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesDuane Blackburn
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information PolicyNiamh Headon
 
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and PrinciplesICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and PrinciplesICEGOV
 
Research IDEA
Research IDEAResearch IDEA
Research IDEAHidayatul Haq Hidayat [HHH]
 
Executive Breach Response Playbook
Executive Breach Response PlaybookExecutive Breach Response Playbook
Executive Breach Response PlaybookHewlett Packard Enterprise Business Value Exchange
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist- Mark - Fullbright
 
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern VehiclesDr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern VehiclesDr Dev Kambhampati
 
Developing a Federal Vision for Identity Management
Developing a Federal Vision for Identity ManagementDeveloping a Federal Vision for Identity Management
Developing a Federal Vision for Identity ManagementDuane Blackburn
 
6026 Cybersecurity China
6026 Cybersecurity China6026 Cybersecurity China
6026 Cybersecurity ChinaAnastasia Stitch
 
Policy Brief : Privacy implications of technologies to address social isolati...
Policy Brief : Privacy implications of technologies to address social isolati...Policy Brief : Privacy implications of technologies to address social isolati...
Policy Brief : Privacy implications of technologies to address social isolati...Mobile Age Project
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist- Mark - Fullbright
 
WorkSmart presentation NCLA 10-5-2011
WorkSmart presentation NCLA 10-5-2011WorkSmart presentation NCLA 10-5-2011
WorkSmart presentation NCLA 10-5-2011NCLA2011
 
VT 1989 University Task Force Report on Digital Learning Technologies
VT 1989 University Task Force Report on Digital Learning TechnologiesVT 1989 University Task Force Report on Digital Learning Technologies
VT 1989 University Task Force Report on Digital Learning TechnologiesGardner Campbell
 
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tablesId intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tablesAmerican Lands Council
 
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)Marcellus Drilling News
 
2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...
2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...
2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...Department of Economic and Social Affairs (UN DESA)
 
Staff presentation: Final report on Mayor's Housing Affordability Task Force
Staff presentation: Final report on Mayor's Housing Affordability Task ForceStaff presentation: Final report on Mayor's Housing Affordability Task Force
Staff presentation: Final report on Mayor's Housing Affordability Task ForceVancouver Mayor's Office
 
Welcome to the Tokyo 2020 Olympics English Task Force Group
Welcome to the Tokyo 2020 Olympics English Task Force GroupWelcome to the Tokyo 2020 Olympics English Task Force Group
Welcome to the Tokyo 2020 Olympics English Task Force GroupiCTVBA - International Cloud TV Broadcasters Alliance
 
FICCI Solar Energy Task Force Report on Financing Solar Energy
FICCI Solar Energy Task Force Report on Financing Solar EnergyFICCI Solar Energy Task Force Report on Financing Solar Energy
FICCI Solar Energy Task Force Report on Financing Solar EnergyFederation of Indian Chambers of Commerce & Industry (FICCI)
 
Anum presentation
Anum presentationAnum presentation
Anum presentationNajeeb Elahi
 
The Starbucks Experience Principle 5
The Starbucks Experience Principle 5The Starbucks Experience Principle 5
The Starbucks Experience Principle 5賴則先 Jason Che-Hsien LAI, PMP
 

More Related Content

What's hot

BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsDuane Blackburn
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesDuane Blackburn
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information PolicyNiamh Headon
 
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and PrinciplesICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and PrinciplesICEGOV
 
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern VehiclesDr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern VehiclesDr Dev Kambhampati
 
Developing a Federal Vision for Identity Management
Developing a Federal Vision for Identity ManagementDeveloping a Federal Vision for Identity Management
Developing a Federal Vision for Identity ManagementDuane Blackburn
 
Policy Brief : Privacy implications of technologies to address social isolati...
Policy Brief : Privacy implications of technologies to address social isolati...Policy Brief : Privacy implications of technologies to address social isolati...
Policy Brief : Privacy implications of technologies to address social isolati...Mobile Age Project
 

What's hot (12)

BCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government NeedsBCC (2012): Federal Panel Identifying Future Government Needs
BCC (2012): Federal Panel Identifying Future Government Needs
 
Potential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric ServicesPotential Opportunities for Common Federal Biometric Services
Potential Opportunities for Common Federal Biometric Services
 
Introduction to Information Policy
Introduction to Information PolicyIntroduction to Information Policy
Introduction to Information Policy
 
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and PrinciplesICEGOV - Tutorial 1 - Information Policy Concepts and Principles
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
 
Research IDEA
Research IDEAResearch IDEA
Research IDEA
 
Executive Breach Response Playbook
Executive Breach Response PlaybookExecutive Breach Response Playbook
Executive Breach Response Playbook
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
 
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern VehiclesDr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
Dr Dev Kambhampati | Cybersecurity Best Practices for Modern Vehicles
 
Developing a Federal Vision for Identity Management
Developing a Federal Vision for Identity ManagementDeveloping a Federal Vision for Identity Management
Developing a Federal Vision for Identity Management
 
6026 Cybersecurity China
6026 Cybersecurity China6026 Cybersecurity China
6026 Cybersecurity China
 
Policy Brief : Privacy implications of technologies to address social isolati...
Policy Brief : Privacy implications of technologies to address social isolati...Policy Brief : Privacy implications of technologies to address social isolati...
Policy Brief : Privacy implications of technologies to address social isolati...
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
 

Viewers also liked

WorkSmart presentation NCLA 10-5-2011
WorkSmart presentation NCLA 10-5-2011WorkSmart presentation NCLA 10-5-2011
WorkSmart presentation NCLA 10-5-2011NCLA2011
 
VT 1989 University Task Force Report on Digital Learning Technologies
VT 1989 University Task Force Report on Digital Learning TechnologiesVT 1989 University Task Force Report on Digital Learning Technologies
VT 1989 University Task Force Report on Digital Learning TechnologiesGardner Campbell
 
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tablesId intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tablesAmerican Lands Council
 
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)Marcellus Drilling News
 
Staff presentation: Final report on Mayor's Housing Affordability Task Force
Staff presentation: Final report on Mayor's Housing Affordability Task ForceStaff presentation: Final report on Mayor's Housing Affordability Task Force
Staff presentation: Final report on Mayor's Housing Affordability Task ForceVancouver Mayor's Office
 
Sheila Greco Associates Brochure
Sheila Greco Associates BrochureSheila Greco Associates Brochure
Sheila Greco Associates Brochuretcarbone67
 
Internet and '08 US Presidential Campaign
Internet and '08 US Presidential CampaignInternet and '08 US Presidential Campaign
Internet and '08 US Presidential Campaignlaym
 
4 SITE DIGITAL MARKETING PRESENTATION
4 SITE DIGITAL MARKETING PRESENTATION4 SITE DIGITAL MARKETING PRESENTATION
4 SITE DIGITAL MARKETING PRESENTATION4 Site Digital
 
What Is Esocial Science.Key
What Is Esocial Science.KeyWhat Is Esocial Science.Key
What Is Esocial Science.Keyncess
 
Linked in powerpoint
Linked in powerpointLinked in powerpoint
Linked in powerpointChris Smith
 
Presentation1
Presentation1Presentation1
Presentation1andrewaja
 
Marking a mark: assessment for learning
Marking a mark: assessment for learningMarking a mark: assessment for learning
Marking a mark: assessment for learningJo Webb
 
BCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsBCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsDuane Blackburn
 
Poe's Astro Shows Medley
Poe's Astro Shows MedleyPoe's Astro Shows Medley
Poe's Astro Shows MedleyKevin Poe
 

Viewers also liked (20)

WorkSmart presentation NCLA 10-5-2011
WorkSmart presentation NCLA 10-5-2011WorkSmart presentation NCLA 10-5-2011
WorkSmart presentation NCLA 10-5-2011
 
VT 1989 University Task Force Report on Digital Learning Technologies
VT 1989 University Task Force Report on Digital Learning TechnologiesVT 1989 University Task Force Report on Digital Learning Technologies
VT 1989 University Task Force Report on Digital Learning Technologies
 
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tablesId intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
Id intertech-preliminary-draft-public-land-mgmt-task-force-report-tables
 
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
PA Governor's Pipeline Infrastructure Task Force Report - Final (Feb 2016)
 
2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...
2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...
2012 MDG Gap Task Force Report - “The Global Partnership for Development: Mak...
 
Staff presentation: Final report on Mayor's Housing Affordability Task Force
Staff presentation: Final report on Mayor's Housing Affordability Task ForceStaff presentation: Final report on Mayor's Housing Affordability Task Force
Staff presentation: Final report on Mayor's Housing Affordability Task Force
 
Welcome to the Tokyo 2020 Olympics English Task Force Group
Welcome to the Tokyo 2020 Olympics English Task Force GroupWelcome to the Tokyo 2020 Olympics English Task Force Group
Welcome to the Tokyo 2020 Olympics English Task Force Group
 
FICCI Solar Energy Task Force Report on Financing Solar Energy
FICCI Solar Energy Task Force Report on Financing Solar EnergyFICCI Solar Energy Task Force Report on Financing Solar Energy
FICCI Solar Energy Task Force Report on Financing Solar Energy
 
Anum presentation
Anum presentationAnum presentation
Anum presentation
 
The Starbucks Experience Principle 5
The Starbucks Experience Principle 5The Starbucks Experience Principle 5
The Starbucks Experience Principle 5
 
Sheila Greco Associates Brochure
Sheila Greco Associates BrochureSheila Greco Associates Brochure
Sheila Greco Associates Brochure
 
Internet and '08 US Presidential Campaign
Internet and '08 US Presidential CampaignInternet and '08 US Presidential Campaign
Internet and '08 US Presidential Campaign
 
4 SITE DIGITAL MARKETING PRESENTATION
4 SITE DIGITAL MARKETING PRESENTATION4 SITE DIGITAL MARKETING PRESENTATION
4 SITE DIGITAL MARKETING PRESENTATION
 
What Is Esocial Science.Key
What Is Esocial Science.KeyWhat Is Esocial Science.Key
What Is Esocial Science.Key
 
Linked in powerpoint
Linked in powerpointLinked in powerpoint
Linked in powerpoint
 
Presentation1
Presentation1Presentation1
Presentation1
 
Marking a mark: assessment for learning
Marking a mark: assessment for learningMarking a mark: assessment for learning
Marking a mark: assessment for learning
 
Cloud based Web Intelligence
Cloud based Web IntelligenceCloud based Web Intelligence
Cloud based Web Intelligence
 
BCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsBCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In Biometrics
 
Poe's Astro Shows Medley
Poe's Astro Shows MedleyPoe's Astro Shows Medley
Poe's Astro Shows Medley
 

Similar to NSTC Executive Summary on Federal Identity Management

1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docxhyacinthshackley2629
 
Chinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-web
Chinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-webChinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-web
Chinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-webMala Chinoy
 
2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docxstandfordabbot
 
1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx
1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx
1.    TitleIT Security Risk Assessment2.    IntroductionYo.docxcroysierkathey
 
NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...
NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...
NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...Duane Blackburn
 
1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docx1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docxblondellchancy
 
Health Information Governance Analysis
Health Information Governance AnalysisHealth Information Governance Analysis
Health Information Governance AnalysisKaty Allen
 
A DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIA
A DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIAA DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIA
A DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIAijmpict
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxjeanettehully
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxglendar3
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxtodd581
 
250 words agree or disagreePlease discuss the various limitation.docx
250 words agree or disagreePlease discuss the various limitation.docx250 words agree or disagreePlease discuss the various limitation.docx
250 words agree or disagreePlease discuss the various limitation.docxvickeryr87
 
SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 Hybrid Cloud
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020Jessica Graf
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
Enterprise security strategic_plan
Enterprise security strategic_planEnterprise security strategic_plan
Enterprise security strategic_planwardell henley
 
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docxRunning head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docxcharisellington63520
 
U.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceU.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceGwanhoo Lee
 

Similar to NSTC Executive Summary on Federal Identity Management (20)

1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
1.    TitleIT Security Risk Assessment2.    IntroductionYou .docx
 
Chinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-web
Chinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-webChinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-web
Chinoy Paper 2016 - WDQC-MakingtheMostofWorkforceData-web
 
2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx2. IntroductionYou are employed with Government Security Consu.docx
2. IntroductionYou are employed with Government Security Consu.docx
 
1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx
1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx
1.    TitleIT Security Risk Assessment2.    IntroductionYo.docx
 
NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...
NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...
NSTC Policy for Enabling the Development, Adoption and Use of Biometric Stand...
 
1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docx1. Read the RiskReport to see what requirements are.2. Read the .docx
1. Read the RiskReport to see what requirements are.2. Read the .docx
 
Health Information Governance Analysis
Health Information Governance AnalysisHealth Information Governance Analysis
Health Information Governance Analysis
 
BCC 2009 - NSTC
BCC 2009 - NSTCBCC 2009 - NSTC
BCC 2009 - NSTC
 
A DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIA
A DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIAA DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIA
A DATA GOVERNANCE MATURITY ASSESSMENT: A CASE STUDY OF SAUDI ARABIA
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
 
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docxRunning head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
Running head POLICIES FOR MANAGING PRIVACY1POLICIES FOR M.docx
 
Sheppard Resume 2015 update
Sheppard Resume 2015 updateSheppard Resume 2015 update
Sheppard Resume 2015 update
 
250 words agree or disagreePlease discuss the various limitation.docx
250 words agree or disagreePlease discuss the various limitation.docx250 words agree or disagreePlease discuss the various limitation.docx
250 words agree or disagreePlease discuss the various limitation.docx
 
SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
Enterprise security strategic_plan
Enterprise security strategic_planEnterprise security strategic_plan
Enterprise security strategic_plan
 
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docxRunning head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
 
U.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceU.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity Governance
 

More from Duane Blackburn

What is I2 Final-Approved
What is I2 Final-ApprovedWhat is I2 Final-Approved
What is I2 Final-ApprovedDuane Blackburn
 
Identity Intelligence: From Reactionary Support to Sustained Enabler
Identity Intelligence: From Reactionary Support to Sustained EnablerIdentity Intelligence: From Reactionary Support to Sustained Enabler
Identity Intelligence: From Reactionary Support to Sustained EnablerDuane Blackburn
 
Where We Are Today – The Current Landscape of Identity Management
Where We Are Today – The Current Landscape of Identity ManagementWhere We Are Today – The Current Landscape of Identity Management
Where We Are Today – The Current Landscape of Identity ManagementDuane Blackburn
 
Research, Development, Test, and Evaluation: A Defensible Process for Federal...
Research, Development, Test, and Evaluation: A Defensible Process for Federal...Research, Development, Test, and Evaluation: A Defensible Process for Federal...
Research, Development, Test, and Evaluation: A Defensible Process for Federal...Duane Blackburn
 
The National Biometrics Challenge (2011)
The National Biometrics Challenge (2011)The National Biometrics Challenge (2011)
The National Biometrics Challenge (2011)Duane Blackburn
 
Interagency Coordination of Biometrics and Forensic RDT&E
Interagency Coordination of Biometrics and Forensic RDT&EInteragency Coordination of Biometrics and Forensic RDT&E
Interagency Coordination of Biometrics and Forensic RDT&EDuane Blackburn
 
Identity Management Policy - The End of the Beginning?
Identity Management Policy - The End of the Beginning?Identity Management Policy - The End of the Beginning?
Identity Management Policy - The End of the Beginning?Duane Blackburn
 
Research Challenges in Combating Terrorist Use of Explosives in the United St...
Research Challenges in Combating Terrorist Use of Explosives in the United St...Research Challenges in Combating Terrorist Use of Explosives in the United St...
Research Challenges in Combating Terrorist Use of Explosives in the United St...Duane Blackburn
 
NSTC Identity Management Task Force Report
NSTC Identity Management Task Force Report NSTC Identity Management Task Force Report
NSTC Identity Management Task Force Report Duane Blackburn
 
Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations
Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations
Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations Duane Blackburn
 
Privacy and Biometrics: Building a Conceptual Foundation
Privacy and Biometrics: Building a Conceptual FoundationPrivacy and Biometrics: Building a Conceptual Foundation
Privacy and Biometrics: Building a Conceptual FoundationDuane Blackburn
 
The National Biometrics Challenge
The National Biometrics ChallengeThe National Biometrics Challenge
The National Biometrics ChallengeDuane Blackburn
 
Federal Biometrics Overview for Venture Capitalists (2005)
Federal Biometrics Overview for Venture Capitalists (2005)Federal Biometrics Overview for Venture Capitalists (2005)
Federal Biometrics Overview for Venture Capitalists (2005)Duane Blackburn
 
Using The National Science and Technology Council (NSTC)
Using The National Science and Technology Council (NSTC)Using The National Science and Technology Council (NSTC)
Using The National Science and Technology Council (NSTC)Duane Blackburn
 
Federal Budget Process Overview
Federal Budget Process OverviewFederal Budget Process Overview
Federal Budget Process OverviewDuane Blackburn
 
BCC 2005 - Justice Biometrics Cooperative
BCC 2005 - Justice Biometrics CooperativeBCC 2005 - Justice Biometrics Cooperative
BCC 2005 - Justice Biometrics CooperativeDuane Blackburn
 
BCC 2004 - Interagency RDT&E Coordination
BCC 2004 - Interagency RDT&E CoordinationBCC 2004 - Interagency RDT&E Coordination
BCC 2004 - Interagency RDT&E CoordinationDuane Blackburn
 

More from Duane Blackburn (20)

What is I2 Final-Approved
What is I2 Final-ApprovedWhat is I2 Final-Approved
What is I2 Final-Approved
 
Identity Intelligence: From Reactionary Support to Sustained Enabler
Identity Intelligence: From Reactionary Support to Sustained EnablerIdentity Intelligence: From Reactionary Support to Sustained Enabler
Identity Intelligence: From Reactionary Support to Sustained Enabler
 
Where We Are Today – The Current Landscape of Identity Management
Where We Are Today – The Current Landscape of Identity ManagementWhere We Are Today – The Current Landscape of Identity Management
Where We Are Today – The Current Landscape of Identity Management
 
Research, Development, Test, and Evaluation: A Defensible Process for Federal...
Research, Development, Test, and Evaluation: A Defensible Process for Federal...Research, Development, Test, and Evaluation: A Defensible Process for Federal...
Research, Development, Test, and Evaluation: A Defensible Process for Federal...
 
The National Biometrics Challenge (2011)
The National Biometrics Challenge (2011)The National Biometrics Challenge (2011)
The National Biometrics Challenge (2011)
 
Interagency Coordination of Biometrics and Forensic RDT&E
Interagency Coordination of Biometrics and Forensic RDT&EInteragency Coordination of Biometrics and Forensic RDT&E
Interagency Coordination of Biometrics and Forensic RDT&E
 
Identity Management Policy - The End of the Beginning?
Identity Management Policy - The End of the Beginning?Identity Management Policy - The End of the Beginning?
Identity Management Policy - The End of the Beginning?
 
Research Challenges in Combating Terrorist Use of Explosives in the United St...
Research Challenges in Combating Terrorist Use of Explosives in the United St...Research Challenges in Combating Terrorist Use of Explosives in the United St...
Research Challenges in Combating Terrorist Use of Explosives in the United St...
 
NSTC Identity Management Task Force Report
NSTC Identity Management Task Force Report NSTC Identity Management Task Force Report
NSTC Identity Management Task Force Report
 
Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations
Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations
Biometrics in Government Post-9/11: Advancing Science, Enhancing Operations
 
Privacy and Biometrics: Building a Conceptual Foundation
Privacy and Biometrics: Building a Conceptual FoundationPrivacy and Biometrics: Building a Conceptual Foundation
Privacy and Biometrics: Building a Conceptual Foundation
 
The National Biometrics Challenge
The National Biometrics ChallengeThe National Biometrics Challenge
The National Biometrics Challenge
 
Federal Biometrics Overview for Venture Capitalists (2005)
Federal Biometrics Overview for Venture Capitalists (2005)Federal Biometrics Overview for Venture Capitalists (2005)
Federal Biometrics Overview for Venture Capitalists (2005)
 
Using The National Science and Technology Council (NSTC)
Using The National Science and Technology Council (NSTC)Using The National Science and Technology Council (NSTC)
Using The National Science and Technology Council (NSTC)
 
Federal Budget Process Overview
Federal Budget Process OverviewFederal Budget Process Overview
Federal Budget Process Overview
 
BCC 2008 - NSTC
BCC 2008 - NSTCBCC 2008 - NSTC
BCC 2008 - NSTC
 
BCC 2006 - NSTC
BCC 2006 - NSTCBCC 2006 - NSTC
BCC 2006 - NSTC
 
BCC 2005 - NSTC
BCC 2005 - NSTC BCC 2005 - NSTC
BCC 2005 - NSTC
 
BCC 2005 - Justice Biometrics Cooperative
BCC 2005 - Justice Biometrics CooperativeBCC 2005 - Justice Biometrics Cooperative
BCC 2005 - Justice Biometrics Cooperative
 
BCC 2004 - Interagency RDT&E Coordination
BCC 2004 - Interagency RDT&E CoordinationBCC 2004 - Interagency RDT&E Coordination
BCC 2004 - Interagency RDT&E Coordination
 

NSTC Executive Summary on Federal Identity Management

  • 2. About the National Science and Technology Council The National Science and Technology Council (NSTC) was established by executive order Nov. 23, 1993. This Cabinet-level Council is the principal means within the executive branch to coordinate science and technology policy across the diverse entities that make up the federal research and development enterprise. Chaired by the President, the NSTC is made up of the Vice President, the Director of the Office of Science and Technology Policy, Cabinet Secretaries and Agency Heads with significant science and technology responsibilities, and other White House officials. A primary objective of the NSTC is the establishment of clear national goals for federal science and technology investments in a broad array of areas spanning virtually all mission areas of the executive branch. The Council prepares research and development strategies that are coordinated across federal agencies to form investment packages aimed at accomplishing multiple national goals. The Subcommittee on Biometrics and Identity Management was chartered by the National Science and Technology Council (NSTC) Committee on Technol- ogy (COT) and has been in operation since 2003. The purpose of the Subcommit- tee is to advise and assist the COT, NSTC, and other coordination bodies of the Executive Office of the President on policies, procedures, and plans for federally sponsored biometric and Identity Management (IdM) activities. The Subcommit- tee facilitates a strong, coordinated effort across federal agencies to identify and address important policy issues, as well as researching, testing, standards, privacy, and outreach needs. The Subcommittee chartered this Task Force to assess the sta- tus of and challenges related to IdM technologies and to develop recommenda- tions regarding the federal government’s science and technology needs in this area. Additional information about the Subcommittee is available at www.biometrics.gov.
  • 3. Acknowledgements The Task Force would like to thank the following individuals for contri- buting to its success: • Duane Blackburn (Office of Science and Technology Policy) for his vision to establish the Task Force and to populate it with individuals with such varying foci; • Jim Dray (National Institute of Standards and Technology) and Judith Spencer (General Services Administration) for effectively managing the Task Force through six months of weekly meetings; • FBI contractors Michelle Johnson (BRTRC) and Martin Harding (BRTRC) for managing the administrative aspects of the Task Force; • James Ennis (State), Deborah Gallagher (DHS), William Gravell (DOD), Niels Quist (DOJ), and Bill Brykczynski (STPI) for chairing the Task Force’s subordinate working teams; • William Gravell (DOD) for the innumerable hours he personally devoted to massaging the views of the Task Force members into a cohesive, agree- able description in this report; • Karen Evans (OMB), Carol Bales (OMB), and the members of the CIO Council, for their assistance in identifying the current status of IdM in the federal government; • The staff at the Science and Technology Policy Institute (under contract to OSTP), for analyzing data received from the CIO Council; • The staff at BRTRC, Inc., (under contract to FBI) for editing and graphics support; and • The IDM Task Force members, who provided input and contributed a sig- nificant amount of their time over the course of the six-month effort, are listed in Annex B.
  • 5. EXECUTIVE SUMMARY Introduction Identity Management (IdM) has existed throughout history to serve both public and private purposes. It has continuously evolved to match changing opera- tional needs, to take advantage of new capabilities, and to stay consistent with the societal conventions of the day. The most recent advancement in IdM has been its transition into the modern digital world, which has provided a wealth of previous- ly impossible capabilities to support both security and convenience needs. Digital IdM systems are becoming increasingly commonplace, and their explosive growth is expected to continue. For the purposes of this Task Force, Identity Management means “the combination of technical systems, rules, and procedures that define the owner- ship, utilization, and safeguarding of personal identity information. The primary goal of the IdM process is to assign attributes to a digital identity and to connect that identity to an individual.” The terms of reference for this Task Force are at Annex A. To date, this growth has been driven by the need to meet independent mis- sion needs (including both screening applications and access control). As these missions continue to expand, overlaps across missions will become more and more pervasive. This is an undeniable truth, as all IdM systems relate back to an individual — actions taken within one system will potentially impact data and/or decisions in other systems. A holistic, cross-mission analysis and planning cycle has not previously been performed, presumably because of the tremendous scope of the task and the duty’s inherent social sensitivity. This daunting task was as- ES-1
  • 6. signed to the National Science and Technology Council’s (NSTC) Task Force on Identity Management (Task Force), as a continuation of independently developed and managed government IdM systems will encounter operational, technological, and privacy issues that will become increasingly difficult to manage. The Task Force’s scope was limited to federal government systems, with the full understanding that these systems frequently rely on and impact IdM sys- tems beyond federal control. This report presents an overview of the current state of federal IdM systems and also presents a high-level vision of how these systems can be holistically designed to provide better services while increasing privacy protection. The purpose of this report is to initiate further discussion on this vi- sion, inform policy decisions, and provide direction on which to base near-term research. Task Force Work The Task Force was chartered to study federal IdM over a six-month pe- riod, with a broad range of representation from different government missions, and was given three primary tasks: • Provide an assessment of the current state of IdM in the U.S. gov- ernment; • Develop a vision for how IdM should operate in the future; • Develop first-step recommendations on how to advance toward this vision. The Task Force undertook two overlapping approaches to determine the current state of IdM in the U.S. government, a detailed assessment of publicly available Privacy Impact Assessments and an OMB-issued survey to the Federal Chief Information Officers’ Council. The combined analysis showed that there are more than 3,000 systems within the U.S. government that utilize Personally Iden- tifiable Information (PII), and the vast majority of these were designed and are managed independently from one another. These facts contribute to several issues with the current state: ES-2
  • 7. Duplicative identity data is often stored in multiple locations with- in the same agency, as well as across agencies, causing a negative impact on accuracy and complicating an individual’s attempt at re- dress; • A lack of commonly used standards makes appropriate cross- function collaboration difficult, thus impacting both time-sensitive mission needs as well as reducing personal privacy; • Privacy protection efforts vary in complexity across agencies; • There is no single government-wide forum responsible for coordi- nating and homogenizing IdM efforts across the U.S. government. The IdM Task Force’s vision for the future is a substantially more orga- nized Identity Management framework. A fundamental precept for this vision is a realization that not all PII is created equal. Some PII will be useful for broad range of applications, while others are only useful within the context of a specific application and should not be shared outside that application. PII within both of these categories also have varying levels of sensitivity and should be managed accordingly. The Task Force’s vision includes a federated approach for leveraging broad-use PII elements to maximize accuracy, availability, privacy protection, and management of this data. Individual applications would access this data through a network grid, which can be established using common technical standards and policies to ensure appropriate use and control. Once verified, broad-use PII can be augmented with application-specific PII in order to make operational decisions. To this end, we make the following assumptions: • Identity and the management of all the personal identifiable quali- ties of identity information are considered a critical asset in sustaining our security posture; • To the extent available and practicable, a very high confidence in an asserted identity is recommended as the basis for authorization for access to government applications regardless of assurance level re- ES-3
  • 8. quired. For example, Personal Identity Verification (PIV) credentials required by HSPD-12 and used by federal employees and contractors are available and provide for a very high level of confidence and could be used for accessing all applications — even those requiring lower levels of assurance; • There is an expectation that revocation of identity data and the re- lated authorizations are executed in accordance with government-wide standards throughout all applications (whether used to support logical or physical access); • There is an understanding that management and protection of iden- tity is not the responsibility of any one or a few federal agencies, but rather the responsibility of all federal agencies to enable. Identity is a component of each and every transaction. If one federal agency fails to carry out their responsibility, access to our networks and facilities will be significantly jeopardized. Several top-level goals and characteristics for the government’s proposed state of IdM can thus be described as: • Configuration and operation of a “network of networks” to secure- ly manage digital identities, based on a set of common data ele- ments for stored PII that will allow it to be leveraged by a broad range of applications; • Security of process, data transmission, and storage; this includes and embraces all features of confidentiality, integrity, authenticity, and privacy, including use of encryption and multifactor authenti- cation; • Auditability of processes, with complete, automatic, and secure record keeping; • Ubiquitous availability, at global distances, of strong verification of stored digital identity when called for or needed to support an authorized application; • Standards-based connectivity, interoperability, and extensibility of supporting IT architecture; ES-4
  • 9. Preservation of application-specific PII data under control of appli- cation sponsors, with minimal exposure to unauthorized access or unnecessary transmission across networks; • Ability of prospective application sponsors to develop, install, and operate applications in a way that permits the supporting IT grid to be seen as a freely available, ubiquitous service. The above elements form the tenets of a strategy to manage and protect identity within all federal agencies. Anticipated benefits over the current state in- clude: • Enhanced accuracy and management of PII that is used by multiple applications; • Clear separation of application-specific PII and tighter controls to ensure this information isn’t shared across domains; • A uniform, more transparent approach of handling PII; • Minimization of duplicative efforts to generate, maintain, and sa- feguard PII; • Providing the government a better understanding of and ability to macro-manage its IdM activities. This report offers a set of recommendations (see Section 4) organized into specific subject areas as follows: • Standards and Guidance; • Architecture; • Science and Technology Considerations; • Government-wide Coordination. The Science and Technology recommendations may be acted upon imme- diately, as the success of those efforts will impact further analyses and policymak- ing required to provide depth and direction to the Task Force’s initial vision. ES-5
  • 10. Toward that end, the Task Force recommends an enduring IdM forum to visualize and address IdManagement issues holistically, in policy and technology. This process should seek to frame the governmental agenda in this broad area, inform the standards and guidance development activities, and guide the further refine- ment of the IdM architecture. In so doing, it should guide activities that will ex- pand and refine our total understanding and support the development of consensus within an informed public regarding the whole range of IdManagement issues and opportunities within the federal enterprise. Conclusion It is important to note that the Task Force does not see this report as being the “final” analysis of the IdM needs of the federal government, nor is it consi- dered to be a comprehensive treatment of the subject in a level of detail sufficient to determine formal policy. Rather, it is an initial study that provides a common foundation and vision on which to base future research, discussions, studies, and, eventually, policymaking. The Task Force aimed to make this report as intellec- tually comprehensive as possible within available time and resources, seeking, above all, to recognize and treat IdM in its full dimensions, including its growing importance to the conduct of government. In contemplating the current state of IdM in the federal government, and thinking about the future direction, one may paraphrase Winston Churchill: “It is not the end, nor even the beginning of the end; but it is, perhaps, the end of the beginning…” ES-6
  • 11. The complete Task Force report is now available online at two locations: http://www.ostp.gov/cs/nstc/documents_reports and http://www.biometrics.gov/NSTC/Publications.aspx ES-7