| Entities | |
| Topics and Issues | Identity Management/Authentication (7) Identity theft (12) |
In August 2022, Congress passed H.R. 4346, which included the CHIPS Act. That Act contains a provision for digital identity management research.
Section 10225 of the CHIPS Act (digital identity management research) amends Section 504 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7464, Identity management research and development). Under the CHIPS Act, the Director of the National Institute of Standards and Technology (NIST)
(a) IN GENERAL.—The Director [of the National Institute of Standards and Technology (NIST)] shall carry out a program of research to support the development of voluntary, consensus-based technical standards, best practices, benchmarks, methodologies, metrology, testbeds, and conformance criteria for identity management, taking into account appropriate user concerns to—
(1) improve interoperability and portability among identity management technologies;
(2) strengthen identity proofing and verification methods used in identity management systems commensurate with the level of risk, including identity and attribute validation services provided by Federal, State, and local governments;
(3) improve privacy protection in identity management systems; and
(4) identity management systems.
(b) DIGITAL IDENTITY TECHNICAL ROADMAP.—The Director, in consultation with other relevant Federal agencies and stakeholders from the private sector, shall develop and maintain a technical roadmap for digital identity management research and development focused on enabling the voluntary use and adoption of modern digital identity solutions that align with the four criteria in subsection (a).
(c) DIGITAL IDENTITY MANAGEMENT GUIDANCE.—
(1) IN GENERAL.—The Director shall develop, and periodically update, in collaboration with other public and private sector organizations, common definitions and voluntary guidance for digital identity management systems, including identity and attribute validation services provided by Federal, State, and local governments.
(2) GUIDANCE.—The Guidance shall—
(A) align with the four criteria in subsection (a), as practicable;
(B) provide case studies of implementation of guidance;
(C) incorporate voluntary technical standards and industry best practices; and
(D) not prescribe or otherwise require the use of specific technology products or services.
(3) CONSULTATION.—In carrying out this subsection, the Director shall consult with—
(A) Federal and State agencies;
(B) industry;
(C) potential end-users and individuals that will use services related to digital identity verification; and (D) experts with relevant experience in the systems that enable digital identity verification, as determined by the Director.