Q. What triggered the whole NSTIC thing?
When the Obama administration came into office in 2008, it started a cyber security review. Password re-use was identified as a real threat. Simply put, people use the same password on multiple sites where they also use the same user-name, likely their e-mail address, and that is a vulnerability. If a small, unimportant site with low security is compromised, the same user-name/password combination would work to access their accounts on more important and secure sites. This is a threat vector for privacy, identity theft, and national security.
One result of the cyber security review was the development of a National Strategy for Trusted Identities in Cyberspace (NSTIC).
Another thread that led to NSTIC was the ongoing work of the Federal Identity and Access Management (FICAM) sub-committee of the Chief Information Officer Council within the General Services Administration. They were working on the challenges of how to support citizens logging into government sites (Departments of Health, Education, Social Security Administration, etc.) to access government services. These agencies often don’t need to know who a citizen is when offering them services, like looking up things in a government library. When it comes to sharing records with a citizen, like tax or educational loans or anything very personal, the government must ensure the citizen is who they say they are. NSTIC is supporting a larger conversation about how to enable government to trust private-sector-issued credentials that citizens use to log in to government sites to access services.