Identity Assurance


The Kantara Initiative Trust Framework Provider program is the industry leading program that Approves Credential Service Providers (CSPs) and Accredits Assessors.

We formalize trust in key components of the identity infrastructure, as the premier Trust Framework Provider aligned with the US NSTIC program and through similar initiatives outside the US. This grows markets by making trust, assurance and compliance more manageable, improving its quality and repeatability. Kantara Initiative Approves Credential Service Providers (CSPs) and Accredits Assessors.

This program is based upon the Identity Assurance Framework (IAF), which was developed with input from members of the global financial services, government, healthcare, IT and telecom sectors. The Identity Assurance Framework describes the 4 Assurance Levels and Service Assessment Criteria which a Credential Service Provider (CSP or IdP) would be assessed against to become Kantara Initiative Service Approved.

Quick overview of the Kantara Initiative’s Identity Assurance Program 

View the Trust Status List  to see the Approved CSPs, Accredited Assessors and Registered Applicants.

IAF Identity Assurance Levels: Snapshot View

Assurance Level Example Assessment Criteria-Organization Assessment Criteria-Identity Proofing Assessment Criteria-Credential Management
AL 1 Registration to a news website Minimal Organizational criteria Minimal criteria – Self assertion PIN and Password
AL 2 Change of address of record by a beneficiary Moderate organizational criteria Moderate criteria – Attestation of Govt ID Single factor; prove control of token through authentication protocol
AL 3 Access to an online brokerage account Stringent organizational criteria Stringent criteria – stronger attestation and verification of records Multi-factor auth: cryptographic protocol; “soft”, “hard”, or “OTP” tokens
AL 4 Dispensation of a controlled drug or $1M bank wire Stringent organizational criteria More stringent criteria – stronger attestation and verification Multi-factor auth w/ hard tokens only; crypto protocol w/ keys bound to auth process

NOTE: Assurance level criteria as posited by the OMB M-04-04 and NIST Special Publication 800-63