Skip main navigation

Introduction to Guidance and Standards (Continued)

In this video, you will learn about other key standards used in the IdAM context.
In the United States in 2011, the United States government established the National Strategy for Trusted Identities in Cyberspace. This was an attempt to create trust and a standardized identity on the internet. It sought to ensure privacy of those identities, the security of transactions related to those identities, to make sure that they could be interoperable between different services, and therefore, ensuring a cost effective approach. So, these were the four founding principles of the initiative. It struggled with widespread adoption. Single credentials across government services in most countries are still not present. In one of our case studies, the second of our four case studies, we will look at Estonia, which actually is seen as a world leader in this area.
They have actually got that single ID across the public sector and the private sector. In 2007, the National Strategy for Trusted Identities in Cyberspace saw the launch of And so, this was an environment where individuals could access all government services through a single site. Again, there has been some concerns raised around privacy when using a single identity online. Could people use it for tracking? Some of the standards that we’ll reference as well, we have the NIST Cybersecurity Practise Guide 1800-2 on Identity and Access Management for Electric Utilities. Utilities have become increasingly newsworthy recently as security attacks have focused on them as part of a nation’s critical national infrastructure.
There is also research for the next generation of biometric measurements and standards, NGBMS for Identity Management. How can we use biometrics more effectively? And we’ve seen biometric-use spiral over the past 10 years. Ten years ago it was unusual to see a fingerprint reader. Now most smartphones have some form of biometric recognition, whether it’s face recognition, fingerprints. One final standard we should be aware of relates to the use of cryptography. And this is a collection of different standards, different countries have different approaches here. But typically, there are restrictions on the export of strong cryptography.
When we move to look at SSL in section 11, we will see why this becomes important, in part because technologies like SSL and TLS require as strong an encryption as possible. And where we see a requirement to drop that back to a lower strength cryptography, it can present a vulnerability. And we see this with some attacks on SSL and TLS especially.

In this video, you will learn about other key standards used in the IdAM context.

Key standards are:

  • National Strategy for Trusted Identities in Cyberspace
  • NIST Cybersecurity Practice Guide 1800-2
  • Research for Next Generation Biometric Measurements and Standards (NGBMS) for Identity Management
  • Export Cryptography

Reflect and share: Why do you think other countries have been slow to adopt single-credential government services? Share with your fellow learners.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education