“How do I know you are who you say you are?” and “Are you authorized to gain access?” These two questions lie at the heart of Identity Management (IdM). Keeping the homeland secure depends heavily on both guarding and granting access to secure systems, facilities, and other resources. In the dynamic field of cybersecurity, IdM involves both identifying people and managing their access within government, state, local, public, or private sector network domains or other network enterprises. The process consists of associating user privileges with the established identity for authentication and authorization.
The mission of the S&T Cyber Security Division (CSD) IdM research projects is to develop tools that help manage and control user access inside and outside of organizational boundaries. The projects develop, test, and evaluate interoperable tools, technologies, standards, and protocols. The ultimate goal of these is to increase security and productivity while decreasing cost and security risks.
All IdM projects aim to fulfill the requirements and meet the needs of the S&T “customer”—the homeland security enterprise—which spans the emergency response, law enforcement, finance, and health sector organizations. To increase the sustainable use of trusted credentials for identity and access management, the IdM project coordinates development activities and encourages working relationships among various research and development communities.
Key IdM Areas and Principles
The IdM projects evaluate new and existing identity management systems and techniques to support four major areas: identity-proofing, access control, authorization, and secure information sharing. These areas of activity also help private sector organizations, such as the financial services sector, which play a significant role in Critical Infrastructure/Key Resources.
- One area of the IdM program deals closely with the Financial Services Sector and is focused on lowering the risk of incorrect identity validation as required by financial sector institutions. The White House facilitated a Memorandum of Understanding (MOU) between DHS S&T, the National Institute of Standards and Technology (NIST), and the Financial Services Sector Coordinating Council (FSSCC) to conduct R&D on critical infrastructure protection. The number one priority for FSSCC required “improving the identity proofing” process for consumers opening financial accounts, where the major financial institutions are working to reduce the risk of identity fraud.
- S&T has developed a Financial Institution – Verifying Identity Credential Service (FI-VICS) gateway based on open standards to streamline and strengthen the identity verification process, providing a seamless capability to reduce the risk of identity fraud.
S&T has established an IdM testbed to evaluate various identity and access control architectures and technologies for the broader homeland security community, including Federal, state, local, public, and private sectors. This testbed is just one example of how DHS S&T is investing in advanced research and development activities that support IdM objectives and innovation. By enabling the public and private sectors to adopt these technologies broadly and to participate in these activities, S&T fosters collaboration across communities of interest and greater innovation overall in identity and access management.
S&T is committed to investing in advanced R&D activities that support IdM objectives and support innovation for better solutions. This is achieved in part by enabling broad adoption and participation by public and private sectors as well as collaboration across communities of interest. All IdM projects are based on the requirements and capability gaps of the Homeland Security Enterprise, including federal, state, local, public and private sectors. Coordinating development activities and encouraging working relationships between the customers and development communities is core to increasing the sustainable use of trusted credentials for identity and access management. Cross-industry events, designed to serve as platforms for collaboration, are already underway.
- State and Local – S&T sponsors the PIV-I/FRAC Technology Transition Working Group (TTWG), where federal, state and local partners share activities, lessons learned and success stories for a standard, interoperable and trusted credential.
- Financial Services Sector – The S&T-sponsored Financial Institution – Verifying Identity Credential Service includes all the major financial institutions working to reduce the risk of identity fraud.
- Federal – S&T participates in and provides research and development support to the Federal Identity, Credential, and Access Management (FICAM) subcommittee under the Federal Chief Information Officers Council.
- Internal DHS Components – S&T convened the Privacy Working Group, composed of privacy stakeholders including, but not limited to, various DHS agency components such as U.S. Customs and Immigration Enforcement (ICE), U.S. Citizenship and Immigration Services (USCIS), U.S. Customs and Border Protection (CBP), U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) and U.S. Transportation Security Administration (TSA), to capture their operational-level view of privacy gaps in DHS. The Privacy Working Group meets annually to gather requirements to address common capability gaps.
IdM Research Projects and Transitions
- Backend Attribute Exchange (BAE) for Secure Information Sharing
- Case Study Report
- Standard-based Attribute Exchange to a Mobile Device for Incident Scene Access Provisioning
- Financial Institution – Verifying Identity Credential Service
- PACS/LACS interoperability
S&T IdM & Data Privacy Mailbox: email@example.com