US GSA requests info on ID proofing market to meet NIST standard

A market survey for ID proofing has been posted by the U.S. General Services Administration to set up future purchases. The survey of credential service firms is part of a request for information and is a bureaucratic means for categorizing goods and services the government will buy.

Information gathered in the exercise will be used to create a special item number, or SIN, which is used to categorize the component services for government customers. The category will standardize components, including identity authentication, proofing, federation and management.

The GSA wants to know about services that comply with the NIST SP 800-63 digital identity standard.

The agency has been struggling to implement identity verification for its Login.gov service that meets the 800-63 standard’s Identity Assurance Level 2. IAL2 requires in-person proofing or a biometric comparison.

The survey itself has been posted. Questions include:

“What certifications, if any, should be required for this SIN (e.g., Kantara, FedRAMP, OIX (future)?

“Aside from NIST SP 800-63, what other compliance references would you recommend (NIST documentation, Office of Management and Budget memoranda, etc.)?

“What are the common risks and issues encountered when implementing component or full credential services?

“What integration risks and issues are overlooked by customers when evaluating component or full-credential services?

“Are there any third-party entities aside from the Kantara Initiative that we should consider for certifying NIST 800-63 compliance?”

The NIST SP 800-63 standard is also in the midst of an update, including more stringent biometric accuracy requirements.

Article Topics

biometrics  |  digital government  |  digital identity  |  GSA  |  identity assurance  |  Login.gov  |  RFI  |  U.S. Government