Progress on NSTIC and ICAM: Federal Executive Forum

Editor’s note: Ashley Stevenson, Identity Technology Director in ForgeRock’s office of the CTO, and head of our Federal business unit, was a panelist on the Federal Executive Forum radio show in late 2015. He appeared on the Identity & Access Management In Government Progress & Best Practices panel alongside execs from Dell, Symantec and immixGroup, and officials from the Department of Homeland Security, Department of Defense and the NIST. We’re running excerpts from Ashley’s remarks alongside clips from the show. Here’s the first one:

Progress on NSTIC and ICAM: Federal Executive Forum

Thank you Jim. So, ForgeRock provides an open source, standards-based identity management platform that helps our customers not only manage the identities of their internal employees and contractors, but also the identities and access for citizens, and non-person entities as well, such as things, APIs, service accounts and so forth.

Some of the progress we’re seeing – and I’d like to piggyback on what Paul was saying – is in the NSTIC realm (National Strategy for Trusted Identities in Cyberspace). Actually the State of Virginia passed a law this year that was basically an identity law that set up a liability framework so that, starting with Virginia for example, online service providers would have a better set of predictability, as far as their liability, to be able to start accepting those third party stronger credentials in place of passwords. So this could set the framework, instead of standards for other states to adopt similar laws, so that the liability piece of that business, legal and technology set of layers that need to be in place, will encourage citizens to use stronger credentials, and for the service providers to allow for and accept them. So I think that’s an NSTIC area of progress.

And I’d also say, in the internal realm, GSA – the folks who bring us the federal ICAM document (Identity, Credential and Access Management) – have been working on an upgraded version that would provide some more technically specific playbooks, if you will, that would allow the implementers at each federal agency to be able to execute a specific set of actions, perhaps even share code, to continue to further mature their ICAM capabilities at their agencies. That’s some examples of progress that we’re seeing at ForgeRock.