1.2: Standards
Establish comprehensive identification and authentication standards based on defined risk models. Other Information:
Risk models provide a common understanding of the level of assurance required for a type of transaction, based upon the threats
to that type of transaction and the potential severity of their impact For example, the level of authentication required for
online banking is likely to differ from that required to access an online magazine subscription Technical and policy standards
based on these risk models will define how to remotely authenticate and manage the digital identities of subjects, including
the management of personal information in accordance with privacy laws and best practices The Federal Government will facilitate
private-sector efforts to establish these risk models and standards in accord with the vision of the Strategy The effort to
develop technical standards should use open, transparent fora and leverage existing, market-recognized guidance on assessing
required authentication levels It should also be informed by and, when possible, seek alignment with international efforts
Both technical and policy standards must enable consistency and interoperability while remaining flexible enough to adapt
as security threats evolve and the market innovates They must also take individual privacy protection into consideration,
ensuring that resulting standards have privacy “built in ” These technical and policy standards will establish a cross-sector
baseline of interoperability and behavior, and they will enhance the confidence of businesses seeking to invest in identity
solutions The ultimate goal of risk-based models and assessment tools will be to support the decisions that organizations
make to determine how they will operate within the Identity Ecosystem Developing standards that cover interoperability requirements,
trustmark criteria, and accreditation will pave the way for choice across solutions, ultimately accelerating Identity Ecosystem
adoption.
Indicator(s):
|
