ANSI Presentation Template

1

DOCUMENT GSC14-PLEN-068
FOR For Information
SOURCE ANSI
AGENDA ITEM Agenda Item 10, Information Sharing Subjects, ID Management
CONTACT(S) Joe Bhatia, ANSI rep to GSC-14
Submitted as an Information Sharing Subject (ISS)
for the High Interest Subject of ID Management
and Identification Systems Open Agenda 6.4
2

ANSIs Identity Theft Prevention and Identity
Management Standards Panel (IDSP)
Information Sharing Subject From ANSI
Submitted for Joe Bhatia ANSI representative to
GSC-14
3
What is IDSP?

• Cross-sector coordinating body whose objective is
  to facilitate the development, promulgation and
  use of standards and guidelines to combat ID
  theft and fraud
• Identify existing standards, guidelines and best
  practices
• Analyze gaps, need for new standards, leading to
  improvements
• Make recommendations widely available to
  businesses, government, consumers

4
IDSP Deliverables

• Plenary meetings for information sharing on work
  underway / networking for active members and
  those new to the Panels work
• Workshops that evolve from the plenary meetings
  and Steering Committee discussions that further
  explore particular aspects of the issues
• Reports presenting findings and recommendations
  from the Workshops which in turn may drive future
  standards development activity
• IDSP itself does not develop standards

5
Steering Committee Composition

• Chairman
• James Lee, C2M2 Associates
• Secretary
• Jim McCabe, ANSI
• Sustaining Partners

6
Steering Committee Composition

• Contributing Members
• Affinion Group
• ARMA International
• Coalition for a Secure Drivers License
• Debix
• General Services Administration
• ID Experts

• ID Watchdog
• Krolls Fraud Solutions
• North American Security Products Organization
• TASCET Identity Network
• TrustedID, Inc
• Underwriters Laboratories, Inc.

7
Steering Committee Composition

• At-Large Members
• Department of Homeland Security
• Institute for Consumer Financial Education
• Liberty Alliance
• National Institute of Standards and Technology

8
Funding / Membership

• IDSP is funded through private and public sector
  sponsorships and participation fees
• Sponsorship provides appropriate recognition and
  a seat on the Panel Steering Committee for those
  who want a more visible and active role in
  shaping the Panels direction.
• Membership is open to all affected parties
• Representatives of the business community and
  relevant trade associations, vendors of identity
  theft protection services, information security
  specialists, industry analysts, government
  issuers and regulators, standards developing
  organizations, consumers and public interest
  groups, and academia participate, providing a
  range of perspectives

9
ANSI-BBB IDSP Phase 1

• A 16 month effort September 13, 2006 to January
  31, 2008
• Co-administered by the American National
  Standards Institute (ANSI) and the Better
  Business Bureau (BBB)
• Founding Partners ATT ChoicePoint Citi Dell
  Inc. Intersections, Inc. Microsoft Staples,
  Inc. TransUnion and Visa Inc.
• 165 representatives from 78 organizations
• 3 Working Groups explored life cycle of identity
  issues
• Issuance of identity documents by government and
  commercial entities
• Acceptance and exchange of identity information
• Ongoing maintenance and management of identity
  information

10
ANSI-BBB IDSP Report (Jan 31, 2008)

• Summary
• Excerpt from Volume I Findings and
  Recommendations
• Volume I Findings and Recommendations
• Findings and recommendations for areas needing
  new or updated standards, guidelines, best
  practices or compliance systems
• Volume II Standards Inventory
• Catalog of existing standards, guidelines, best
  practices and compliance systems
• Available for free download at www.ansi.org/idsp
  along with replay of Webinar with industry
  analysts

11
Volume I Findings and Recommendations

• Enhance security of identity issuance processes
  to facilitate greater interoperability between
  govt and commercial sectors
• Improve integrity of identity credentials
• Strengthen best practices for authentication
• Augment data security management best practices,
  e.g., on the use and storage of Social Security
  numbers
• Create uniform guidance for organizations on data
  breach notification and remediation
• Increase consumer understanding of ID theft
  preventative strategies, including benefits and
  limitations of security freezes

12
Volume II Standards Inventory

• Catalogues . . .
• Existing Standards, Guidelines and Best Practices
  
• PRIVATE AND PUBLIC SECTOR
• Laws / Regulations
• Proposed Legislation
• White Papers
• Conformity Assessment Programs
• Glossaries of Identity Terms
• Research Studies / Reports

13
ANSI IDSP - Phase 2 Charter (April 2008)

• Monitor / facilitate implementation of Panels
  recommendations
• Continue to investigate new areas
• Provide a forum for information-sharing and
  cross-sector dialogue
• Produce a progress report in one year

14
Workshop 1 Identity Verification Standards
(Launched July 2008)

• Fraudsters exploit circularity of agencies
  relying on but not authenticating primary USA
  identity documents issued by other agencies
  (birth certificates, Social Security numbers /
  cards, state-issued drivers licenses / ID cards)
• Issuers of such documents need a process by which
  they can achieve a level of assurance whether to
  accept or reject a persons claim of identity
• Guidelines on identity verification should be
  developed with a view toward eventual development
  of an American National Standard
• Project team developing guidelines led by NASPO
  (North American Security Products Organization)
  members include NIST, DHS, GSA, NAPHSIS, AAMVA,
  Colorado Dept. of Revenue, Coalition for a Secure
  Drivers License et al.
• Workshop report and guidelines anticipated in the
  near term

15
Workshop 2 Measuring / Reporting on Identity
Theft (Launched Feb 2009)

• Controversies about research methodologies make
  it difficult to measure how well the marketplace
  is doing in combating identity theft and fraud,
  posing a challenge to industry, law enforcement
  and consumers
• Workshop question Is a common standard for
  measuring / reporting on ID theft desirable and
  feasible?
• Same question with respect to methods for
  measuring data breach trends, ID theft protection
  services and information security solutions
• 3 WGs set up to study definitions, research,
  methodologies
• Workshop report anticipated soon

16
Third IDSP Plenary Meeting (April 2009)

• A point-in-time look at the state of ID theft
  prevention and ID managementprogress made / work
  still needed. Topics
• Best practices for measuring identity theft
• Implementation of FTC red flag rules
• Customer authentication and use of Social
  Security numbers
• The need for identity verification guidelines
• Identity assurance life-cycle management
• Biometric implementation use cases
• Medical identity theft
• Whats on the horizon for ID theft prevention and
  ID management. 
• Post-meeting survey circulated on future work
  program

17
Related International Activities Privacy

• ISO/TMB task force (TF) exploring standards on
  privacy, with focus on protection of personally
  identifiable information and fair information
  handling
• IDSP chair leads virtual U.S. TAG which advises
  ANSIs expert to the TF (Mark MacCarthy,
  Georgetown University formerly w/Visa Inc.) /
  reports to ANSI ISO Council (AIC)
• TF surveyed ISO TCs et al on current / potential
  privacy work
• Report targeted for September TMB meeting

18
Related International Activities Counterfeiting
/ Fraud

• ISO TMB has established ISO/TC 247 Fraud
  countermeasures and controls and allocated
  Secretariat to ANSI
• ANSI advanced proposal for this new TC based on
  public comment, IDSP / AIC input
• Brought by ANSI member North American Security
  Products Organization (NASPO)
• Standardization in the field of the detection,
  prevention and control of identity, financial,
  product and other forms of social and economic
  fraud

19
To participate /For more informationwww.ansi.or
g/idspJim McCabe212-642-8921jmccabe_at_ansi.org