NIST Publishes Recommendations for Establishing Governance Structure for Implementation of National Trusted Identities Strategy

NIST Privacy/Cyber Risk & Data Security

On February 7, the National Institute of Standards and Technology (NIST) published a report with recommendations for developing a governance system to implement the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC directs the federal government to work with private sector stakeholders to establish and maintain an identity ecosystem for internet transactions aimed at  promoting trust, privacy, and security. The report summarizes comments received in response to a June 2011 Notice of Inquiry (NOI) that sought public input regarding the establishment and structure of a private sector-led steering group to implement the NSTIC. Based on those comments, stakeholder workshops, and best practices from similar governance efforts, the report presents recommendations in four areas:  (i) steering group initiation, (ii) steering group structure, (iii) stakeholder representation, and (iv) international coordination. The report also includes a recommended charter to establish the steering group and notes that, subject to public comment and finalization of the approach outlined in the report, NIST intends to initiate a competitive grant program to fund a secretariat responsible for convening the initial steering group.