Public Sector Identity Assurance Guidelines and Standards
Identity assurance is a consistent requirement for how the public sector delivers services to its customers. While there are great many similarities in how global jurisdictions approach this, there are also interesting differences. This blog post provides pointers to some of those national standards and guidelines.
As part of my personal goal of expanding the ‘hiking and backpacking + federated identity’ dream globally, I actively track the public sector identity work in Australia, Canada, U.K, U.S and New Zealand. I also track others, but they tend to be more opportunistic.
At the same time, given the ever-changing landscape, the areas that I focus on are:
- Identity risk assessment approaches
- Token/Credential strength approaches
- Identity validation and verification approaches
- Relying party compensating control approaches
Here are the pointers to the jurisdiction specific standards and guidelines, that I am aware of, that focus on the above areas:
Australia
- National e-Authentication Framework BPG 1: Identity e-Authentication (PDF)
- National Identity Proofing Guidelines
Canada
- Standard on Identity and Credential Assurance
- Guideline on Defining Authentication Requirements
- User Authentication Guidance for IT Systems
New Zealand
U.K
- GPG 43: Requirements for Secure Delivery of Online Public Services
- GPG 44: Authentication Credentials in Support of HMG Online Service
- GPG 45: Validating and Verifying the Identity of an Individual in Support of HMG Online Services
U.S
- OMB 04-04 E-Authentication Guidance for Federal Agencies (PDF)
- NIST SP Electronic Authentication Guideline 800-63-2 (PDF)
If you have corrections to offer to the listing for the jurisdictions above, or information on the identity assurance practices of other jurisdictions, please leave a pointer in the comments.
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.