NASCIO offers states guidance on trusted digital identity
State governments seeking to create a trusted digital identity now have a roadmap from the National Association of State Chief Information Officers.
NASCIO released the “State Identity Credential and Access Management Guidance and Roadmap,"
a report on the programs, processes, technologies and personnel needed to establish a common framework for identity credential and access management within state government.
This guidance promotes a federated approach where identification of the information requester and supplier are guaranteed. This is of vital importance in an environment where phishing, scamming and identity theft are rampant, NASCIO officials said.
"States can, and should, provide a secure, auditable environment for the processing and exchange of information across the entire spectrum of state business," said Doug Robinson, executive director of NASCIO.
"It is essential that state governments take the initiative to ensure the integrity of the data entrusted to them and provide a high level of security and privacy to citizens, customers, and partners,” he said.
The SICAM document is designed to help states use a digital infrastructure to securely conduct business electronically within and between other states, their business partners, and with the public, through the use of digital IDs, authentication, digital signature, and encryption technologies. Guidance is provided for both legacy system integration and new application development.
An example of an existing trust framework is the Federal Public Key Infrastructure (FPKI) Policy Authority. FPKI is an interagency body set up under the CIO Council to enforce digital certificate standards for trusted identity authentication across the federal agencies and between federal agencies and outside bodies, such as universities, state and local governments and commercial firms.
Encompassing an enterprise approach will significantly reduce administrative and technological overhead caused by siloed, incompatible, and un-auditable ID management systems; improve business processes; and reduce cyber security risks, according to NASCIO.
The primary audience for the guidelines is the state CIO, chief information security officer, enterprise architect and other state ICAM implementers at all stages of program implementation. However, it may also be used as a resource for systems integrators, end users, and business partners wanting to interoperate through state programs.
This SICAM Guidance and Roadmap is being released as Version 1.0 and may include revised content in future iterations.