~ March 2016 ~

Welcome from the Executive Director

We've built IDESG on the prescience that, when an industry fails to self-regulate its data collection and privacy methods, government intervention is inevitable. Now, in an unprecedented move to rein in companies that manage online traffic, the FCC has proposed some of the strongest privacy regulations in history for broadband providers.

This latest set of rules would force companies like Comcast and Verizon to not only disclose how they collect data on their customers' online activities, but also to secure users' explicit permission to share their data with non-communications partners. The rules also would require companies to make significant improvements to how they secure all data.

In sync with consumer demand for discretionary autonomy over personal information and, clearly, emboldened by its successful effort last year to classify broadband service as a utility, the federal regulator is sending a strong signal to all data collectors: check yourselves, or the government will.

Most companies want to do better when it comes to privacy, but aren't sure how, yet are acutely aware that their data privacy improvements clock is ticking. IDESG's window of opportunity has burst open, so let's cruise right through it.

~ Marc-Anthony Signorino, IDESG Executive Director


Chairperson's Corner

By Kimberly Little Sutherland, Plenary Chair


Let the coming and going of yet another tax season serve as a reminder of the wide set of stakeholders that the can benefit from the work of IDESG, and just how crucial our efforts have become. It was Benjamin Franklin that is credited as saying "In this world nothing can be said to be certain, except death and taxes." Now, identity related issues are certain to be relevant to both issues. As the tax preparation service industry expands alongside the growing number of Americans who file their taxes online, so do the opportunities for cyber-criminals to attempt to exploit the identities of individuals and organizations (living and even deceased).

We all know that over the years we have experienced an exponential growth in data theft and identity fraud, while needing to assert aspects of our identity online more than ever. After all, the necessity from which the IDESG was born speaks to the struggle between protecting our security and privacy and simultaneously increasing the convenience and ease of using online identities. With the Identity Ecosystem Framework's baseline requirements under our belt, we have sharpened and strengthened our strategic plan to streamline the forthcoming Self-Assessment Listing Service (SALS) and cultivate membership from a wide cross-selection of industries.

In support of these continued efforts, on April 12, our Board of Directors will be infused with fresh eyes and new perspectives that will be ready to evolve and execute IDESG's already remarkable vision for protecting and encouraging the use of identities in cyberspace.

This time for the IDESG also reminds me of another Ben Franklin quote -- "Without continual growth and progress, such words as improvement, achievement and success have no meaning." Here's to the continued success of the IDESG!


From the FMO

IDESG committees are working towards a late May release of public beta web tools for identity service provider self-assessments, employing the NSTIC open identity principles using IDESG's Baseline Functional Requirements. IDESG is soliciting alpha-tester identity providers now, for limited testing and interface feedback over the next two months. Our TFTM committee also is discussing additional outreach plans to existing trust frameworks, and third-party assessment communities, during 2016, to incorporate broader sectors of the existing identity ecosystem into its requirements and assessment programs.


From the NSTIC NPO

We took the first steps in fulfilling the commitments we made in the draft release of NISTIR 8103 with the release of two project charters - one on the strength of authentication and the other on attribute metadata and confidence scoring. The charters lay out how we will proceed in developing materials for these advanced identity topics and how we will engage with stakeholders. They also serve as an initial step in helping us evolve the way we build guidance and work with other government agencies and industry.

We see this as an iterative process and we welcome and encourage comments on the approaches we lay out in the charters. We are excited about moving forward with this process and we appreciate the feedback we received at the workshops where so many participants asked us to take this path. General feedback and comments on the NISTIR or the charters can all be sent to


Upcoming Events

IDESG Privacy Coordination Committee Chairperson Jenn Behrens and IDESG Management Council Vice Chair Ian Glazer both will speak at the International Association of Privacy Professionals' (IAPP) Global Privacy Summit, to be held April 3-4 in Washington, DC. Behrens, who sits on the IAPP Women Leading Privacy Advisory Board, will lead 'Women Leading Privacy on the Little Big Stage', a discussion that focuses on confidence and women in leadership positions. View more information on her session here. She also invites interested parties to attend the after-hours Women Leading Privacy networking event. View additional information on Glazer's discussion 'The Maze of Online Retail: Privacy, Security, Notice and Consent' here.

IDESG President Sal D'Agostino will be a featured speaker at the Connected Security Expo (CSE), to be held April 6-8 in Las Vegas, NV. His session, titled Privacy, Usability, Security and Interoperability the Rules of the Connected Road, will examine the evolving set of requirements to conduct global e-commerce. Find more information on the conference here.

IDESG Executive Director Marc-Anthony Signorino will speak (virtually) at the Internet of Things: IoT Slam 2016, to be held on April 28 online. His session will highlight how connected devices significantly expand the spread of identity data information and further complicate efforts to protect it. View more information on his session here.

IDESG will host a three-hour session at the Cloud Identity Summit, to be held June 6-9 in New Orleans, LA. The Summit gathers experts with industry and enterprise presenters to share insights on security trends, challenges and solutions. See more information on this year's CIS here.


Recent Events

Privacy Committee chair Jenn Behrens and NIST senior policy advisor Naomi Lefkovitz spoke about Privacy Risk and Control Design at the 2016 RSA Conference, held February 29-March 4 in San Francisco. View their session page here.

IDESG Executive Director Marc-Anthony Signorino spoke at the annual HIMSS Conference & Exhibition, held February 29-March 4 in Las Vegas, NV. His session explored the prospective mapping of the IDEF to HIPAA and HI TECH, to streamline the SALS application process for healthcare companies, and the importance of extending the identity layer into wearable devices (such as Fitbits and connected scales). View more information on HIMSS16 here.

Have an Event to share?

To share your speaking engagements or presentations with IDESG members, send a hyperlink or attachment to and a link will be included in the next newsletter.

This newsletter was prepared by the Identity Ecosystem Steering Group, Inc. using Federal funds under award 70NANB14H215 from the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Institute of Standards and Technology (NIST), U.S. Department of Commerce. The statements, findings, conclusions and recommendations are those of the author(s) and do not necessarily reflect the views of NIST, NSTIC or the U.S. Department of Commerce.


This newsletter was prepared by the Identity Ecosystem Steering Group, Inc. using Federal funds under award 70NANB14H215 from the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Institute of Standards and Technology (NIST), U.S. Department of Commerce. The statements, findings, conclusions, and recommendations are those of the author(s) and do not necessarily reflect the views of NIST, NSTIC, or the U.S. Department of Commerce.