Government agencies play a crucial role in digital identity, setting policy, establishing requirements, conducting pilots, and ultimately accepting verifiable digital credentials for official purposes. In the United States, several federal agencies shape the direction and adoption of digital identity systems.
Department of Homeland Security (DHS)
The Department of Homeland Security (DHS) is the federal agency responsible for border security, public safety, and the protection of critical infrastructure. In the digital identity space, DHS sets federal policy and coordinates how identity technologies are evaluated and adopted across its component agencies.
DHS oversees the REAL ID program, which establishes baseline security standards for state-issued driver’s licenses and identification cards. Beyond physical IDs, the department is actively exploring how verifiable digital credentials (VDCs) can support secure, privacy-preserving identity verification in federal contexts.
Through initiatives such as the Silicon Valley Innovation Program (SVIP) and the DHS Science & Technology Directorate, the department has funded and piloted work on verifiable digital credentials for use cases including immigration and other high-assurance identity scenarios. These efforts focus on interoperability, security, and privacy-by-design.
As the lead department for federal identity acceptance, DHS plays a central role in determining which digital credentials may be used across federal agencies and facilities. Its research, pilots, and standards engagement help shape how emerging credential types can be safely adopted at scale, balancing accuracy, accessibility, and civil liberties.
Transportation Security Administration (TSA)
The Transportation Security Administration, part of DHS, is responsible for security at airports and other transportation systems. TSA is a critical driver of mDL adoption because it determines which credentials are accepted at airport security checkpoints.
TSA currently accepts mobile driver's licenses at over 250 security checkpoints across participating states. Through its mDL/mobile ID acceptance and testing processes, TSA evaluates participating programs for operational and technical readiness (including interoperability and security expectations) before broader checkpoint use. States seeking TSA acceptance for their mDLs must demonstrate conformance with ISO/IEC 18013-5 standards through TSIF testing.
TSA's acceptance requirements provide a benchmark that influences how states implement verifiable digital credentials, ensuring consistency and security across the national aviation system.
National Institute of Standards and Technology (NIST)
NIST is a non-regulatory agency within the U.S. Department of Commerce that promotes innovation, industrial competitiveness, and cybersecurity through standards, measurements, and technology guidance. In digital identity, NIST provides the authoritative guidelines that federal agencies and many private organizations follow.
NIST Special Publication 800-63 (Digital Identity Guidelines) covers identity proofing, authentication, and federation. The guidelines define assurance levels that help organizations match security requirements to risk, and the latest revision reflects the shift toward verifiable digital credentials and modern authentication methods. Federal agencies must comply with NIST guidelines, and many private sector organizations use them as best practices.
NIST's National Cybersecurity Center of Excellence (NCCoE) convenes banks, state agencies, and technology providers to test interoperable digital identity solutions. The NCCoE's online mDL initiative stress-tests how DMVs, financial institutions, and wallets can work together using ISO/IEC 18013-7 standards for Know Your Customer compliance.
State agencies: DMVs as issuers
While federal agencies set policy and requirements, State Departments of Motor Vehicles serve as the primary issuers of driver's licenses and state identification cards. DMVs are responsible for verifying the identity of applicants, issuing credentials securely, and maintaining accurate and authoritative records.
As states implement mobile driver's licenses, DMVs become digital credential issuers, provisioning mDLs to residents' devices, managing credential lifecycles, and working with federal partners to ensure their credentials meet acceptance requirements. States like California, Utah, Colorado, and Arizona have deployed mDL programs that demonstrate how state agencies can modernize credentialing while maintaining security and privacy.
State-Endorsed Digital Identity Beyond the Driver’s License
While DMVs remain essential issuers of foundational credentials, they are no longer the sole drivers of digital identity strategy. Increasingly, state Offices of the Chief Information Officer (CIO), Departments of Technology Services (DTS), and central IT authorities are leading efforts to modernize identity as shared civic infrastructure.
These offices oversee statewide IT strategy, cybersecurity, and shared services, positioning them to design identity systems that span agencies and use cases. A key shift in these programs is the intentional decoupling of digital identity from privilege-based credentials such as driver’s licenses, which confer the legal right to operate a vehicle but are not universal or appropriate for all digital interactions.
Rather than treating the driver’s license as the default digital identity, some states, in a coalition led by Utah, are advancing a state-endorsed digital identity (SEDI) strategy that residents can use regardless of whether they drive. This approach expands inclusion, supports non-drivers, and allows identity assurance to be aligned with the risk of each transaction.
Most of these efforts build on existing statewide single sign-on (SSO) platforms and identity gateways. These systems already provide a unified access layer across agencies, brokering authentication and authorization with consistent policy enforcement. Increasingly, states are exploring how verifiable digital credentials (VDCs) can integrate with these gateways, moving beyond usernames and passwords toward cryptographically verifiable, user-controlled proofs.
At lower assurance levels, states are beginning to design shared credential frameworks for permits, passes, licenses, and eligibility credentials, such as professional permits, park passes, or benefit attestations. Issued by individual agencies but governed centrally, these credentials rely on common infrastructure and standards. When implemented, this model increases security and predictability for residents while reducing system duplication and long-term costs across agencies.
Utah illustrates this direction. Through its SEDI vision and related initiatives, Utah is laying the policy and technical groundwork for supporting multiple credential types issued by different agencies, including lower-assurance credentials such as off-road vehicle permits. While Utah’s SEDI program is still in the exploratory phase, the model illustrates how shared standards and infrastructure could support both standalone credential use for low-risk scenarios and tighter integration with statewide SSO for higher-assurance use cases.
This layered model (combining SSO, identity gateways, and verifiable digital credentials) allows states to modernize identity incrementally, without forcing every use case into a single credential or assurance level. Identity becomes reusable, privacy-preserving infrastructure, matched to purpose and risk, rather than being tied exclusively to the privilege of driving.
Collaboration across agencies
Digital identity requires coordination across government levels. DHS sets federal acceptance standards, TSA implements them at checkpoints, NIST provides technical guidance, and state DMVs issue credentials. This collaboration ensures that a mobile driver's license issued in Nevada can be verified at a TSA checkpoint in Florida, or that a Utah digital credential meets requirements for federal building access.
The Department of Homeland Security's collaboration with NIST and TSA, working with states and standards bodies, exemplifies how government agencies coordinate to define interoperable frameworks that make digital identity practical and trustworthy.
Want to keep learning?
Subscribe to our blog.
