NSTIC Programs- Fixing Passwords and Reducing Identity Theft

This past November, Jeremy Grant, Senior Executive Advisor for Identity Management at the National Institute of Standards and Technology, spoke at Oracle’s Federal Forum about the threat of cyber crime and identity theft (pretty relevant given Tuesday’s announcement). You can view parts one, two and three of his presentation here.

As a refresher, NSTIC was launched in April 2011 and calls for private industry to lead the effort in creating the Identity Ecosystem (a marketplace that allows people to choose from multiple security vendors). The idea behind NSTIC was that private companies are much better suited for developing innovative security and identity management solutions than the government. However, the public sector is needed to bring private companies together in a partnership and to provide advice.

The Identity Ecosystem steering group, which seeks to provide a marketplace with multiple identity providers that issue trusted credentials, has 1100 individuals and 450 companies and federal agencies participating. They chose five organizations to pilot identity solutions. Below are the agencies and what they are doing to reduce cyber crime and identity theft.


AAMVA (American Association of Motor Vehicle Administrators)- Leads a consortium of partners to implement the Cross Sector Digital Identity Initiative (CSDII). The goal of this initiative is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce.


Daon– The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability.


Criterion: The Criterion pilot will allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience.


Resilient: The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption.


University Corporation for Advanced Internet Development (UCAID) is building a privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2’s InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies.


You can learn more about the individual pilot programs here.

So what can you do? First, you can participate in NSTIC pilot programs. Second, you can join the Indentity Ecosystem steering group. Third, you can become an early adopter of these programs and encourage those around you to do the same.