NSTIC announces new round of funding for password-killing projects

The National Strategy for Trusted Identities in Cyberspace, which is overseen by NIST, announced it is seeking pilot projects for its fourth year of funding.

Want to rid the world of passwords? The National Institute of Standards and Technology wants to hear from you.

The National Strategy for Trusted Identities in Cyberspace, or NSTIC, which is overseen by NIST, announced it is seeking to fund pilot projects for the fourth year.

According to a blog post on the NSTIC website, program head Jeremy Grant is looking for projects that ‘ultimately address barriers to the identity ecosystem and seed the marketplace with ‘NSTIC-aligned’ solutions to enhance privacy, security and convenience in online transactions.’

A federal funding opportunity notice posted along with the announcement details areas identity solution projects need to cover if they are to be considered for grants: They must be voluntary, ‘privacy-enhancing,’ secure, interoperable and cost-effective.


Grant winners will be given a two-year award ranging between $1 million and $2 million. NIST does not say how many grants it will issue, but it has given away between three and five grants each year over the project’s lifespan.

This year, NSTIC is looking for projects that address the following:

  • Concerns about the impact on privacy and civil liberties arising from the crossing of contextual boundaries and the capacity for more tracking and profiling inherent in federated identity solutions.
  • The usability of strong authentication technologies.
  • Balancing transparency to individual users and ease-of-use.
  • Building security, privacy and usability into commonly used architectures (e.g., RESTful API architectures) to manage access to personal data.
  • Limited deployment of successful trust frameworks – especially addressing multiple sectors.
  • Lack of commonly accepted technical standards for interoperability among solutions.
  • Lack of strong authentication solutions that can be used across multiple sectors and relying parties (RPs).
  • Lack of clarity on liability and other complex economic issues (e.g., ‘who is liable if something goes wrong in a transaction?’ ‘How u2013 if at all u2013 should transactions be monetized?’).

The program aims to eliminate the password altogether by the year 2020. Last year, FedScoop talked to Grant about how passwords often stymie app adoption in the federal government.

‘Passwords are a disaster from a security perspective,’ Grant said in a September FedScoop article. ‘We want to shoot them dead.’


Read more about this year’s project funding on the NSTIC website.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts