USACM Summer Recap: Comments on NSTIC Governance

By David Bruggeman
August 12, 2011

Often things slow down in the summer, but that’s not been the case for USACM this year. We’ve been busy commenting on various government proposals related to computing and will post about that work over the next few days.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a government-wide effort to work with the private sector to provide identity verification options for consumers and providers. This is intended to maintain or improve confidence in online transactions. National Institute of Standards and Technology (NIST) staff wrote about the program in a recent issue of CACM (subscription required), and USACM commented on an NSTIC draft in 2009. There is a targeted implementation date of 2016. While that is far off, there is much work to do, starting with how to manage NSTIC.

NIST issued a notice of inquiry on NSTIC governance in early June, and USACM responded to questions on how this strategy should be guided moving forward. Our comments focused on the need for good governance to ensure trust in NSTIC – something critical to its effective function. Besides recommending that relevant technical and international experience be included on any NSTIC governance structure, our comments argued for ensuring that vacancies be filled promptly, and that NSTIC staff should review several existing technical bodies for insights on how to develop a governance structure.

Preliminary efforts on setting up NSTIC continue. With two workshops held so far this summer and another expected soon, there should be additional opportunities for public comment.