In an effort to address cybersecurity challenges identified by the Accelerate Adoption of Digital Identities on Mobile Devices project, the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) invites relevant organizations to provide letters of interest describing technical expertise and products to support and demonstrate international standards capabilities related to digital identities and mobile driver’s licenses (mDL).
As Mobile Device Use Surges, Efforts to Reduce Risk through Standards Efforts are Underway
Mobile devices, a commodity technology, have become convenient platforms for many uses across the world: with a few clicks, people can order a ride service, make payments at retailers, check in to a flight, access the gym, store concert tickets in a virtual wallet, and much more. To that end, in recent years, mobile devices have started to replace physical identification cards such as government issued driver’s licenses with a digital equivalent.
In an effort to examine standards for new digital credentials, to support both greater individual control of identity attributes and immediate validation with issuing sources, the NCCoE launched the Accelerate Adoption of Digital Identities on Mobile Devices project. The goal of the project is “to define and facilitate a reference architecture(s) for digital identities that protects privacy, is implemented in a secure way, enables equity, is widely adoptable, interoperable, and easy to use.”
Standards and the Accelerate Adoption of Digital Identities on Mobile Devices Project
The development of International Organization for Standardization/International Electrotechnical Commission standards ISO/IEC 18013-5 (published, on use of mDL in attended mode) and ISO/IEC 18013-7 (working draft, on use of mDLs in unattended/online mode) can raise the potential for both improved usability and convenience for the end user and stronger assurance in identity for organizations. Through its work and request for input as noted in the Federal Register, NCCoE aims to investigate what works and what does not based upon current efforts being performed by various entities, and provide a forum/environment to discuss and resolve challenges in implementing the standards.
Stakeholder contributions to this request will support NCCoE to:
The standards were developed by ISO/IEC Joint Technical Committee (JTC) 1/Subcommittee 17, Cards and security devices for personal identification. The U.S. plays a leading role in JTC 1, Information Technology with ANSI serving as Secretariat, and the InterNational Committee for Information Technology serving as the U.S. TAG administrator for JTC1/SC 17. ANSI is the U.S. member body to ISO.
Outcomes of the project could result in contributions to the ISO standard. In addition, the project will also be a reference implementation of Part 7 of ISO/IEC 18013. NIST reports that the project may influence the policy making process. Ultimately, this project will result in a freely available NIST 1800 Series Cybersecurity Practice Guide, which can be leveraged by organizations to align their digital identity goals towards a standardized, secured, and trustable digital identity.
Access the criteria for responding organizations’ letter of interest in the Federal Register notice. Learn more about the Accelerate Adoption of Digital Identities on Mobile Devices project.
NIST reports that collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than September 28, 2023.