Identity

New ID policy looks to leverage government credentials

people and data (Lightspring/Shutterstock.com) 

An updated credentialing policy from the White House looks to tap agency-issued identifiers like Social Security numbers to secure digital transactions.

A new memo from the Office of Management and Budget directs agencies to set up teams for each agency to govern identity management efforts. It also stresses the importance of making valid identities interoperable across agency boundaries.

To that end, the memo directs agencies to accept existing personal identity verification credentials rather than issue new ones and to use PIV credentials as "a method to encrypt information in transit and shared between two or more federal employees or contractors." It also tasks the National Institute of Standards and Technology, the Federal CIO Council and the Federal Privacy Council to collaborate with agencies to pilot alternatives to managing identities.

Chih-Wei Yi, a risk and financial advisory principal at Deloitte, said that while "most" of memo consisted of "codifying" best practices in industry, the focus on interoperability would make doing business across agencies easier.

Eventually the cross-government collaboration could mean that contractors and others who work with multiple agencies would not have to get individual PIV cards for each agency, which would save time, money and "make for a more productive workforce," Yi said.

In the private sector, organizations have been pushing for the federal government to update its identity management policy.

Jeremy Grant, coordinator of the Better Identity Coalition, called the new memo "a critical step" in better securing digital identity and closing the "identity gap" between traditional, physical credentials and digital environments.

"It lays the policy foundation for a new array of more secure, privacy-enhanced digital identity solutions to help consumers better protect their identities and more easily do business online," he said.

Last year, the Better Identity Coalition published a policy blueprint to help change the way individuals establish and maintain online identity. The OMB memo adopted the blueprint's recommendation that government offer new digital services to validate identities issued to consumers.

While the memo does not call for the $1 billion that the Better Identity Coalition outlined in its blueprint, it does target agencies that have more citizen-facing profiles and greater cybersecurity risks.

The memo directs "agencies that are authoritative sources for attributes," such as the Social Security Administration, to "establish privacy-enhanced data validation APIs for public and private sector identity proofing services to consume, providing a mechanism to improve the assurance of digital identity verification transactions based on consumer consent."

"Those selected agencies, in coordination with OMB, shall establish standard processes and terms of use for public and private sector identity proofing services that want to consume the APIs," it states.

Another key update in the memo is the inclusion of non-human entities as part of the identity management policy. Yi said he found the extension of the definition of identity to non-human entities to be pertinent.

"There are going to be more and more of these advanced technologies, and adding that layer to the workforce requires that agencies figure out how to have these bots access sensitive information," he said.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.