Risk
9/19/2013
10:54 AM
50%
50%

NIST Awards Grants To Improve Online Security, Privacy

Five firms have been selected to pilot approaches for National Strategy for Trusted Identities in Cyberspace.

Iris Scans: Security Technology In Action
Iris Scans: Security Technology In Action
(click image for larger view)
The National Institute of Standards and Technology (NIST) has awarded more than $7 million in grants to five U.S. organizations to develop pilot online identity protection and verification systems.

The awards are part of federal efforts to work with private sector and advocacy groups to develop the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC program is seeking ways for individuals and organizations to adopt secure, easy-to-use, and interoperable identity credentials to access online services.

"Collectively, these five pilots will drive innovation in online identity management, helping to foster a marketplace of more secure, convenient, privacy-enhancing identity solutions available to all Americans online," said NIST's Jeremy Grant, senior executive advisor for identity management. Grant is head of the NSTIC National Program Office at NIST.

The selected pilot proposals receiving grants include:

Exponent (Calif.): $1,589,400

The Exponent pilot will issue secure, easy-to-use privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a healthcare organization and the U.S. Department of Defense. The test program will deploy two types of identity verification: the use of mobile devices that leverage so-called "derived credentials" stored in the device's SIM card, and secure wearable devices such as rings and bracelets.

[ Is data-centric more effective than device-centric when it comes to security? Read Secure Data, Not Devices. ]

Georgia Tech Research Corporation (GTRC) (Ga.): $1,720,723

The GTRC pilot will develop and demonstrate a "trust mark framework" that seeks to improve trust, interoperability and privacy. Trust marks are a badge, image or logo displayed on a business' website to indicate that the business has been shown to be trustworthy by the issuing organization. Defining trust marks for specific sets of policies, using machine-readable methods, will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.

Privacy Vaults Online (PRIVO) (Va.): $1,611,349

PRIVO will pilot a solution that provides families with secure, privacy-enhancing credentials that are compliant with the Children's Online Privacy Protection Act (COPPA). The credentials will enable parents and guardians to authorize their children to interact with online services in a more confidential and usable way. Project partners, including one of the country's largest online content providers and one of the world's largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of children's data.

ID.me (Va.): $1,204,957

ID.me's Troop ID will develop and pilot more secure (Level of Assurance 3) trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and healthcare organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets qualified users verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. The more secure Troop ID credential solution would permit users to interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX).

Transglobal Secure Collaboration Participation (TSCP) (Va.): $1,264,074

The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, using an open source, technology-neutral Trust Framework Development Guidance document.

The NSTIC National Program Office will invite pilot project awardees to give presentations on their initiatives at a January 2014 meeting in Atlanta.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
WKash
50%
50%
WKash,
User Rank: Apprentice
9/20/2013 | 9:22:20 PM
re: NIST Awards Grants To Improve Online Security, Privacy
Let's hope the National Strategy for Trusted Identities in Cyberspace (NSTIC) is able to turn these pilots into tangible answers for crafting reliable authentication practices.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.