The Kantara Initiative Trust Framework Provider program is the industry leading program that Approves Credential Service Providers (CSPs) and Accredits Assessors.
We formalize trust in key components of the identity infrastructure, as the premier Trust Framework Provider aligned with the US NSTIC program and through similar initiatives outside the US. This grows markets by making trust, assurance and compliance more manageable, improving its quality and repeatability. Kantara Initiative Approves Credential Service Providers (CSPs) and Accredits Assessors.
This program is based upon the Identity Assurance Framework (IAF), which was developed with input from members of the global financial services, government, healthcare, IT and telecom sectors. The Identity Assurance Framework describes the 4 Assurance Levels and Service Assessment Criteria which a Credential Service Provider (CSP or IdP) would be assessed against to become Kantara Initiative Service Approved.
View the Trust Status List to see the Approved CSPs, Accredited Assessors and Registered Applicants.
Hear from Approved CSP, Symantec
IAF Identity Assurance Levels: Snapshot View
|Assurance Level||Example||Assessment Criteria-Organization||Assessment Criteria-Identity Proofing||Assessment Criteria-Credential Management|
|AL 1||Registration to a news website||Minimal Organizational criteria||Minimal criteria – Self assertion||PIN and Password|
|AL 2||Change of address of record by a beneficiary||Moderate organizational criteria||Moderate criteria – Attestation of Govt ID||Single factor; prove control of token through authentication protocol|
|AL 3||Access to an online brokerage account||Stringent organizational criteria||Stringent criteria – stronger attestation and verification of records||Multi-factor auth: cryptographic protocol; “soft”, “hard”, or “OTP” tokens|
|AL 4||Dispensation of a controlled drug or $1M bank wire||Stringent organizational criteria||More stringent criteria – stronger attestation and verification||Multi-factor auth w/ hard tokens only; crypto protocol w/ keys bound to auth process|
NOTE: Assurance level criteria as posited by the OMB M-04-04 and NIST Special Publication 800-63