The Smart Card Alliance endorsed the Obama Administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC), developed under the auspices of the president’s Cyberspace Policy Review by the National Security Staff and an interagency writing team.
The NSTIC initiative correctly recognizes that there are very real problems of identity management, privacy and security in our society today, and brings a much needed focus on solving the problems, said the Smart Card Alliance in a press release. Although its scope is limited to cyberspace, the Framework it outlines would also establish essential foundational elements that could help to strengthen identity, privacy and security in healthcare, social security administration, immigration reform and other programs in the physical world.
The NSTIC Framework draft is intentionally broad in scope, providing a wide range of trusted identity constructs and identity protection technologies. There is recognition that many different public and private stakeholders will be involved in working out the specifics of the Framework and ultimately, using it.
The Healthcare and Identity Councils of the Smart Card Alliance, a non-profit public/private partnership organization whose members include healthcare providers, financial institutions, payment brands, enterprises, government users and technology providers, prepared specific comments on the NSTIC Framework draft. Some points are:
· The Alliance strongly agrees with the ideas of using federal, state and local government and academia programs to accelerate development of the Identity Ecosystem, while leveraging existing procedures, standards and technologies such as FIPS 201 and the Federal Identity, Credentialing and Access Management Roadmap used to achieve Personal Identity Verification (PIV) and interoperability (PIV-I) in Homeland Security Presidential Directive (HSPD)-12.
· The highest priority should be first defining the Identity Ecosystem for the most trusted digital transactions based on an identity medium, because it can have the greatest positive impact on identity, security and privacy and it is also the least developed commercially.
· A suggested idea to make high-value identity transactions both secure and easy to use is the familiar approach of a card and PIN as an identity medium; however, to achieve high levels of security, the card must include smart card technology to carry PKI credentials, biometrics and other security features. This would also create a portable identity medium, and provide a secure environment that is independent from the PC, thereby side-stepping issues involved with PC, website and service provider hacker threats.
The current final draft is available for public review and input. The document will be posted until July 19, 2010.