New ID policy looks to leverage government credentials

people and data (Lightspring/ 

An updated credentialing policy from the White House looks to tap agency-issued identifiers like Social Security numbers to secure digital transactions.

A new memo from the Office of Management and Budget directs agencies to set up teams for each agency to govern identity management efforts. It also stresses the importance of making valid identities interoperable across agency boundaries.

To that end, the memo directs agencies to accept existing personal identity verification credentials rather than issue new ones and to use PIV credentials as "a method to encrypt information in transit and shared between two or more federal employees or contractors." It also tasks the National Institute of Standards and Technology, the Federal CIO Council and the Federal Privacy Council to collaborate with agencies to pilot alternatives to managing identities.

Chih-Wei Yi, a risk and financial advisory principal at Deloitte, said that while "most" of memo consisted of "codifying" best practices in industry, the focus on interoperability would make doing business across agencies easier.

Eventually the cross-government collaboration could mean that contractors and others who work with multiple agencies would not have to get individual PIV cards for each agency, which would save time, money and "make for a more productive workforce," Yi said.

In the private sector, organizations have been pushing for the federal government to update its identity management policy.

Jeremy Grant, coordinator of the Better Identity Coalition, called the new memo "a critical step" in better securing digital identity and closing the "identity gap" between traditional, physical credentials and digital environments.

"It lays the policy foundation for a new array of more secure, privacy-enhanced digital identity solutions to help consumers better protect their identities and more easily do business online," he said.

Last year, the Better Identity Coalition published a policy blueprint to help change the way individuals establish and maintain online identity. The OMB memo adopted the blueprint's recommendation that government offer new digital services to validate identities issued to consumers.

While the memo does not call for the $1 billion that the Better Identity Coalition outlined in its blueprint, it does target agencies that have more citizen-facing profiles and greater cybersecurity risks.

The memo directs "agencies that are authoritative sources for attributes," such as the Social Security Administration, to "establish privacy-enhanced data validation APIs for public and private sector identity proofing services to consume, providing a mechanism to improve the assurance of digital identity verification transactions based on consumer consent."

"Those selected agencies, in coordination with OMB, shall establish standard processes and terms of use for public and private sector identity proofing services that want to consume the APIs," it states.

Another key update in the memo is the inclusion of non-human entities as part of the identity management policy. Yi said he found the extension of the definition of identity to non-human entities to be pertinent.

"There are going to be more and more of these advanced technologies, and adding that layer to the workforce requires that agencies figure out how to have these bots access sensitive information," he said.

About the Author

Chase Gunter is a former FCW staff writer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.