Concept of Operations
Trust Framework Solutions Program
Nov 17, 2017
Digital transactions expose users to a wide range of security threats. The government’s priority is to implement security and privacy measures while balancing the need for information sharing and a user-friendly experience.
The Trust Framework Solutions Program (Program) was established to align and approve Frameworks that have similar business, legal, and technology rules governing their community of Credential Service Providers (Providers) with those of the federal government. The Program also seeks to:
● Ensure the Trust Frameworks alignment to standards and processes; and
● Provide a comprehensive marketplace for federal agencies to acquire and accept credential services suited to their individual mission.
This document is for:
● Trust Frameworks (commercial, not federal) who would like to establish a relationship with the Federal Government;
● Providers that are members of certified Trust Frameworks and are seeking to offer credentials to federal agencies;
● Auditors who are analyzing the Trust Frameworks and their Providers; and
● Federal agencies who would like to understand how Trust Frameworks are certified.
This document outlines the mission, goals, and objectives for the Trust Framework Solutions Program, Trust Frameworks, and their respective members.
The purpose of the GSA Trust Framework Solutions Program is to enable identity federation for the Federal Government by leveraging Trust Frameworks that provide cost-controlled identity and authentication assurance services.
A Trust Framework enables an ecosystem or marketplace that is interoperable, secure, and allows users to share reliable identity information. Trust Frameworks provide a starting point from which a Community of Interest (COI) can organize participation from their constituency to customize and implement the business, legal, technical, privacy, certification, and audit components of their Trust Framework specification.
The Program certifies Trust Frameworks that show comparability to Federal Government policies, legal/business procedures, security, and interoperability standards.
Figure 1: Aligning Trust Frameworks
This certification by the Trust Framework Solutions ensures auditing and interoperability testing is being conducted accurately and consistently, allowing the Federal Government to trust credentials issued by Providers in the Trust Framework’s ecosystem.
Figure 2: Ensuring Alignment for Interoperable Credentials
Additionally, the Program is responsible for establishing and maintaining relationships with federal agencies to:
● Identify and fill gaps for credential needs within the Federal Government; and
● Provide recommendations to agencies by identifying a suitable Trust Framework that best serves the agency’s use case and mission needs.
The Program aims to respond to government-wide issues by updating credential policies and practice statements to address and define credential components not specified in standards. It also establishes one location and focal point to enact policy, business, and technical remediation. The figure below depicts how the Trust Framework Solutions interacts with agencies to develop policy updates to address agency needs and communicates those changes to the Trust Frameworks who then incorporate the updates into their requirements for their member Providers.
Figure 3: Program Process Flow
Additionally, the Trust Framework Solutions publishes and avails federal agencies with credential service options based on both the FPKI and non-FPKI standards, servicing a broad community of stakeholders.
The Trust Framework Solutions Program will implement new program procedures and practices in iterations. These iterations reflect progressive maturity in delivering the services to federal agencies, and the necessary time to involve stakeholder throughout the process. Below outlines the expected milestones for a mature Program.
Federal Government published guidance around digital services in the pursuit of security. Office of Management and Budget Memo on "Streamlining Authentication and Identity Management within the Federal Government"  :
● E-Government Act 2002;
● Office of Management and Budget Memo “Continued Implementation of Homeland Security Presidential Directive 12” (M-11-11)  ;
● Office of Management and Budget Memo on Policies for Federal Agency Public Websites (M-05-04)  ;
● National Institute of Standards and Technology Special Publication 800-63-3;
● National Institute of Standards and Technology Special Publication 800-53  ; and
● OMB Circular A-130.
Any questions regarding the Program can be sent to: ICAM@gsa.gov