The continuing development of digital identity concepts has the potential to help organizations improve cybersecurity and mitigate a host of security risks, officials from the Federal government and Capitol Hill said during an October 3 event hosted by the Congressional Internet Caucus Academy.
Tim Weiler, economic policy advisor and legislative counsel for Rep. Bill Foster, D-Ill., highlighted current legislation that could help to boost the use of digital identity technology to help shore up the Federal government’s cybersecurity posture.
“Rep. Foster has been very engaged in the digital identity space and more broadly in the cybersecurity space,” Weiler said. “He’s got a particular bill – the Improving Digital Identity Act – which pushes for stronger standards to ensure a government-wide approach towards a better digital identity,” he said.
The Improving Digital Identity Act – which is cosponsored by Reps. John Katko, R-N.Y., Jim Langevin, D-R.I., and Barry Loudermilk, R-Ga., – was introduced in the House in July 2021. That measure was approved by the House Oversight and Reform Committee in July, and the Senate Homeland Security and Governmental Affairs Committee voted to approve a companion bill late last month.
The bill would establish a task force of Federal, state, and local leaders to develop secure methods for government agencies to validate identity attributes to protect the privacy and security of individuals. It also instructs the National Institute of Standards and Technology (NIST) to develop new standards for digital identity verification services, with an emphasis on security and privacy.
Connie LaSalle, senior technology policy advisor at NIST, explained at the October 3 event that her agency has already begun to develop guidelines around digital identity.
The NIST Digital Identity Guidelines provide technical requirements for Federal agencies implementing digital identity services, but are not intended to constrain the development or use of standards outside of that purpose.
“The guidelines lay out a risk-based approach to selecting a set of controls, practices, and processes that organizations across various sectors can access to improve their cyber posture while managing and mitigating possible cyber risks,” LaSalle said.
She also explained that the use of a secure and robust digital identification system that can protect privacy is essential. Digital identity is a reliable and user-friendly element for a strong cyber resilience strategy, she explained
“I’m not just talking about logical access through devices. I’m also talking about physical access, as the merger of the physical and digital world continues to happen,” LaSalle said. “We at NIST are working to provide organizations with guidelines to secure and resilient digital identity.”