Identifying the Baseline

IDESG Security Committee Discussion, 10/23/2014

Upload: paula-osborne

Post on 26-Dec-2015


Objectives

• Clarify what is meant by “baseline” and how this committee intends to address it…


Baseline References

• Requirements Presentation
  – Requirements are a foundational component of the Identity Ecosystem Framework intended to:
    • define a baseline for participation in the Identity Ecosystem
  – What is the baseline? Improving the security, privacy, usability, and interoperability of everyday online transactions
  – What benefits could the everyday consumer see if this baseline was established? (e.g., reduced account compromise through increased use of multifactor authentication; greater user control through notice, consent requirements; etc.)

• The Strategy (NSTIC):
  – The Strategy seeks to promote the existing marketplace, encourage new solutions where none exist, and establish a baseline of privacy, security, interoperability, and ease of use that will enable the market to flourish.


Proposed “Target of Requirements”

• Identify least “risky” type of transaction that should be “in-scope” and use this as the target of requirements development

• Baseline requirements are intended to define the proper execution of Identity Ecosystem functions that support transactions:

  1. That require authentication; and
  2. Where personal information is collected, transmitted, retained, processed, disclosed, and/or disposed of


Scoping Baseline Requirements


Baseline Requirements

• Are not:
  – An incomplete set of requirements
  – A stop gap or half measure
  – A copy and paste effort

• Should be as complete as possible to achieve security for the defined target

• Even with self-attestation, IDESG recognition should reflect a service provider is among the “best in market” at following the NSTIC Guiding Principles.


Next Steps

• With this target in mind:
  – Review current requirements, supplemental guidance, and references
  – Provide feedback and input
  – Update draft requirements


Upcoming Milestones

• Identify recipients for requirements questionnaires (October 29th)

• Complete draft requirements (October 31st)

• Develop requirements questionnaires (November 14th)

• Distribute requirements questionnaires (November 17th)


Questions/Discussion?
