Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identifying the Baseline IDESG Security Committee Discussion 10/23/2014 1.

Similar presentations

Presentation on theme: "Identifying the Baseline IDESG Security Committee Discussion 10/23/2014 1."— Presentation transcript:

1 Identifying the Baseline IDESG Security Committee Discussion 10/23/2014 1

2 Objectives Clarify what is meant by “baseline” and how this committee intends to address it… 10/23/20142

3 Baseline References Requirements Presentation – Requirements are a foundational component of the Identity Ecosystem Framework intended to: define a baseline for participation in the Identity Ecosystem – What is the baseline? Improving the security, privacy, usability, and interoperability of everyday online transactions – What benefits could the everyday consumer see if this baseline was established? (e.g., reduced account compromise through increased use of multifactor authentication; greater user control through notice, consent requirements; etc.) The Strategy (NSTIC): – The Strategy seeks to promote the existing marketplace, encourage new solutions where none exist, and establish a baseline of privacy, security, interoperability, and ease of use that will enable the market to flourish. 10/23/20143

4 Proposed “Target of Requirements” Identify least “risky” type of transaction that should be “in-scope” and use this as the target of requirements development Baseline requirements are intended to define the proper execution of Identity Ecosystem functions that support transactions: 1.That require authentication; and 2.Where personal information is collected, transmitted, retained, processed, disclosed, and/or disposed of 10/23/20144

5 Scoping Baseline Requirements 10/23/20145

6 Baseline Requirements Are not: – An incomplete set of requirements – A stop gap or half measure – A copy and paste effort Should be as complete as possible to achieve security for the defined target Even with self-attestation, IDESG recognition should reflect a service provider is among the “best in market” at following the NSTIC Guiding Principles. 10/23/20146

7 Next Steps With this target in mind: – Review current requirements, supplemental guidance, and references – Provide feedback and input – Update draft requirements 10/23/20147

8 Upcoming Milestones Identify recipients for requirements questionnaires (October 29th) Complete draft requirements (October 31st) Develop requirements questionnaires (November 14 th ) Distribute requirements questionnaires (November 17 th ) 10/23/20148

9 Questions/Discussion? 10/23/20149

Download ppt "Identifying the Baseline IDESG Security Committee Discussion 10/23/2014 1."

Similar presentations

Ads by Google