Classic Service |
Our original Class of Approval. Modeled on a generalized interpretation of NIST SP 800-63 rev.2 requirements. |
Component Service |
CSPs that offer an IAL or AAL service. |
Accredited Assessors |
Assessors that have successfully completed the Kantara Accreditation process and are eligible to assess CSPs applying for a Kantara Approval TrustMark. |
Registered Applicant |
CSPs that have submitted an initial application and the application was accepted by the Kantara Assurance Review Board. These CSPs are currently undergoing third-party assessment by a Kantara Accredited Assessor prior to being awarded a Kantara TrustMark as an Approved service. |
Technical |
This Class of Approval does not assess the CSP’s good standing and management/ operational practices; it focuses on the technical provision ONLY. |
Ready to Operate |
A 1-year Approval for an Assessment in which there are no operational records to underpin the quality of the Assessment. A full Triennial assessment must occur after the point in time at which operational records begin to be generated. Once a Triennial assessment has been Approved, the Ready to Operate designation is dropped. |
|
Each Approved service entry links to the applicable service assessment criteria for the Approved assurance level. Use this guidance when reviewing the criterion applicability within each set of criteria: |
‘In scope – Applicable’ |
the functionality, activity or status that is required (or a sub-part thereof) applies to the scope of the subject service and that the CSP provided adequate evidence of conformity. |
‘In scope – Not applicable’ |
the functionality, activity or status that is required (or a sub-part thereof) inherently applies to the scope of the subject service but that there is a reason, with justification, why the clause does actually not apply, and therefore no evidence of conformity was tendered. |
‘In scope – Applicable |
fulfilled by…‘ – the functionality, activity or status that is required applies to the scope of the subject service and that the CSP employs a Pre-Approved Service to accomplish the required need. The Kantara Grant ID which is assigned to the Pre-Approved Service is cited and the SoCA for that service must be one which shows this criterion to be completely ‘In Scope – Applicable‘ (see above). |
‘Not in scope’ |
the functionality, activity or status that is required is expressly outside the scope of the subject service, at least as far as concerning its consideration for Approval. |
|
Guidance taken from Kantara IAF-1340 Service Approval Handbook, v4, §3.3.2. |