The National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office (NPO) recently funded three pilots that will be testing privacy-enhancing cryptography in different use cases and settings as well as two pilots that use alternative non-cryptographic based privacy features. In addition, the NPO has been involved in the development of a project to pilot a Federal Cloud Credential Exchange (FCCX) which also will leverage privacy-enhancing cryptography. A key unmet need is an independent and objective assessment of these pilots that compares and contrasts the usability and privacy performance of the different approaches taken in each pilot, as well as the successes and difficulties each pilot faced in its tests in the marketplace.
The NIST Small Business Innovation Research (SBIR) program is offering small businesses the opportunity to apply for a contract to perform this assessment of the NSTIC pilots and of the FCCX. The goals of this activity are to:
- Perform an independent analysis and comparison of each of the pilots, looking at the usability and privacy performance of the different approaches taken in each pilot;
- Perform an independent analysis and comparison of each of the pilots, looking at the successes and difficulties each pilot faced in its tests in the marketplace;
- Design and, if feasible, conduct usability and performance tests for privacy technologies and features for selected pilots;
- Perform a gap analysis of existing standards and research, in order to help identify requirements for identity management efforts (e.g., standards and research work in security, interoperability, usability, etc.).
This assessment will help maximize the lessons learned by the pilots on usable security and privacy in the Identity Ecosystem and provide valuable data to the Identity Ecosystem Steering Group (IDESG) as it engages in developing the Identity Ecosystem Framework, including components related to usability. Additionally, the assessment can help guide the NSTIC NPO in evaluating the usability of project proposals for potential additional pilot grant funding in 2013.
For information on the NSTIC SBIR opportunity, how to apply, and for contact information, click here. The NSTIC opportunity on “Comparison of Privacy-enhancing Technologies and Features” may be found on pages 40-43 of the solicitation document. All questions about the solicitation and subtopics should be directed to the Q&A function on the NIST SBIR website (www.nist.gov/sbir).
For more information on the NSTIC, click here.
Background on the SBIR Program
The SBIR program (http://www.sbir.gov/) was originally established in 1982 by the Small Business Innovation Development Act (P.L. 97-219). Subsequent legislation has extended the program until September 30, 2017. Eleven federal agencies set aside a portion of their extramural research and development budget each year to fund research proposals from small science and technology-based firms.
The SBIR Program goals are:
- To increase private sector commercialization of innovations derived from federal R&D;
- To use small business to meet federal research and development (R&D) needs;
- To stimulate small business innovation in technology; and
- To foster and encourage participation by minority and disadvantaged persons in technological innovation.