Recently, the National Institute of Standards and Technology (NIST) announced over $9 million in grants to five U.S. entities to develop technologies to “pilot identity solutions that increase confidence in online transactions, prevent identity theft, and provide individuals with more control over how they share their personal information.”  Funded projects will address issues including commerce,

The U.S. Department of Commerce’s National Institute of Standards and Technology on Tuesday released a final version of its guidelines for how organizations — particularly federal agencies — should manage security and privacy concerns when considering the use of public cloud-computing services. Public cloud services, unlike private clouds, require users to store their data on the provider’s shared equipment rather than on the organization’s own servers.

The new NIST security guidelines do not recommend any particular services, providers, or service models; instead, the guidelines highlight the steps organizations should take and the issues they should consider when evaluating any public cloud service.


Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released for public comment a draft roadmap for implementing cloud computing technology across U.S. government agencies.  The roadmap is intended to foster adoption of cloud computing by federal agencies, reduce uncertainty surrounding cloud computing by improving the information available to policymakers, and

Government agencies maintain large quantities of information about individuals, covering everything from physical description to the person’s family life, property, political activity, employment history, criminal records, and health condition. In light of a recent finding that reports of information-security incidents at federal agencies have increased more than 650 percent over the past five years, it is unsurprising that data-handling requirements for government entities and contractors are a subject of ongoing concern. A roundup of recent developments:

  • A recent General Services Administration (“GSA”) cloud computing procurement solicitation attempted to address data security concerns by limiting the foreign countries where vendors’ servers could be located, but this requirement was rejected on October 17 as unduly restrictive.  Noting that the GSA had failed to explain its basis for differentiating between acceptable and unacceptable locations, the Government Accountability Office (“GAO”) recommended that the solicitation be revised to reflect the agency’s actual needs. 
  • On October 18, Sen. Daniel Akaka (D-HI) introduced the Privacy Act Modernization for the Information Age Act of 2011 to strengthen privacy protections for government records.  Among other things, the bill would create a federal chief privacy officer position, update penalties for violating the Privacy Act, and establish a centralized website for information about records maintained by individual agencies. 



On Friday, the Obama Administration unveiled the final draft of its ambitious National Strategy for Trusted Identities in Cyberspace (NSTIC), which seeks to develop new and more secure systems for identity authentication online, creating a new “Identity Ecosystem.” Secretary of Commerce Gary Locke and other officials unveiled the NSTIC (pronounced “en-stick”), which is signed by President Obama, at an event at the U.S. Chamber of Commerce.

As the NSTIC explains, on the Internet as it exists today, individuals must maintain numerous passwords for the different websites they use. This imposes risks and burdens on consumers and businesses alike. Moreover, the NSTIC describes how the absence of highly reliable authentication methods has hindered the ability of high-risk sectors like health and finance to migrate their services online.


A few months ago, the Obama Administration introduced its National Strategy for Trusted Identities in Cyberspace (NSTIC), an ambitious proposal to implement public-private partnerships to implement a new mechanism for identity verification and information sharing online.  The plan has been controversial.  Although there have been many legitimate criticisms of the