
Identity Assurance Framework

ARB Notice regarding KIAF-1340 Service Approval Handbook, 2020-03-30

In light of the present SARS-COV2/COVID-19 virus pandemic the ARB has reviewed the Service Approval Handbook §6.1.3, §8.1.3 and §9.1.3 (which state requirements under which Assessors SHALL include site visits in their assessment program) and determined that, until this notice is rescinded, any Kantara requirements that assessors visit CSPs’ premises or meet face-to-face with personnel are suspended.
While it understands that assessments already utilize a high degree of efficient use of on-line conferencing applications the ARB hereby requests that, in lieu of these above-cited requirements, assessors and CSPs use their best endeavours, given their respective business operation restrictions, to formulate a plan for a virtual inspection to the fullest extent practical, including remote video, of CSP premises. Assessors SHALL, in their KARs, describe the steps that have been taken to substitute for actual on-site visits and describe any limitations which have been imposed.

 

Document Status Notice

The Kantara Identity Assurance Framework is a set of controlling documentation.
Documents may evolve independently.
The set may contain varying version numbers in the document set.
The current approved version of each document is always listed here.

Table of Contents

  1. Identity Assurance Framework Overview
  2. Documentation for Service Provider Approval (current approved versions)
  3. Documentation for Assessor Accreditation (current approved versions)
  4. Archives (old versions)

Identity Assurance Framework Overview

Title
IAF-1050 Glossary and Overview
INFORMATIVE for Service Providers and Assessors 
  • Kantara Initiative’s Identity Assurance Framework (IAF) consists of policies, processes, reference materials and criteria which together define an Approval scheme for organizations operating services which provide Identity and Credential Management functions.
  • Approval is based on independent third-party assessments, performed by Kantara-Accredited Assessors, of the subject services, to determine those services’ conformity to the applicable criteria.
  • KIAF 1050 Glossary and Overview provides a Glossary of terms used within the IAF for the purposes of conveying specific meanings and an Overview of the IAF and its constituent parts, both organizationally and in terms of the available reference documents.
1.0

Service Provider Approval (CSP Full or Component Service)

First, please read Kantara Classes of Approval and High Level View of the Kantara Service Provider Approval Process

Applicants should be fully familiar with, inter alia, Kantara’s: Service Approval Handbook; Service Assessment Criteria, available below. 

Process Documents

Title
KIAF 1340 – Service Approval Handbook
NORMATIVE
  • KIAF 1340 - Service Approval Handbook defines the obligations upon Applicant and Approval-holding CSPs, the ARB and its Secretariat, and Accredited Assessors, with regard to the Approval assessment and application processes.
2.0

 

Available Service Assessment Criteria for Identity & Credential Management Systems

Service Assessment Criteria Sets for Classic and NIST 800-63 rev.3 (Full and Technical) Classes of Approval

Title
KIAF‐1430 63A_SAC – Service Assessment Criteria
NORMATIVE 
  • KIAF 1430 - 63A_SAC Specification sets forth KI's Service Assessment Criteria for assessments against the requirements of NIST's SP 800-63A as published 2017-12-01 (with errata) at IAL2, to be generally referred-to as the '63A_SAC'.
  • For NIST 800-63 rev.3 Class of Approval 
  • Note: This document is available for Kantara Corporate Members Only.
  • Please fill out the form to receive the KIAF 1430 NIST SP 800-63A Service Assessment Criteria
3.1.0
KIAF-1440 63B_SAC – Service Assessment Criteria
NORMATIVE 
  • KIAF 1440 - 63B_SAC Specification sets forth KI's Service Assessment Criteria for assessments against the requirements of NIST's SP 800-63B as published 2017-12-01 (with errata) at AAL2, to be generally referred-to as the '63B_SAC'.
  • For NIST 800-63 rev.3 Class of Approval 
  • Note: This document is available for Kantara Corporate Members Only.
  • Please fill out the form to receive the KIAF 1440 NIST SP 800-63B Service Assessment Criteria
3.0
KIAF-1410 CO_SAC
NORMATIVE
  • KIAF 1410 (CO-SAC) describes the Service Assessment Criteria which are to be applied to all assessed credential services, irrespective of their standards basis or applicable assurance levels. The Commonly-Applicable Service Assessment Criteria part of the IAF establishes baseline criteria for general organizational conformity, identity proofing services, credential strength, and credential management services against which all CSPs will be assessed.
  • For Classic and NIST 800-63 rev.3 (Full) Classes of Approval. 
2.0
KIAF-1420 OP_SAC
NORMATIVE
  • KIAF 1420 (OP-SAC) describes the Service Assessment Criteria which are to be applied to ‘Classic’ service operations (i.e. those broadly based on NIST SP 800-63 rev.2 requirements). These criteria address operational conformity of credential management services and their providers at all Assurance Levels (AL).
  • For Classic Class of Approval, which is modelled on best practice (drawing from, among other sources, ISO/IEC 27001, ISO/IEC 29115) to ensure the provider organization’s good standing and management / operational practices and criteria modelled on a genericized interpretation of NIST SP 800-63 rev.2 requirements, that ensure conformant technical provision of the provider organization’s service.
1.1

For More Information, please see: https://kantarainitiative.org/trustoperations/classes-of-approval/

Supporting Templates for Service Provider Approval 

 

Assessor Accreditation 

Requirements and Process Documents

Title
Kantara IAF 1350 Assessor Accreditation Handbook
NORMATIVE 
  • KIAF 1350 Assessor Accreditation Handbook (AAH) describes the Assurance Review Board’s (ARB) Policy for handling applications for Accreditation of Assessors, upon whom shall fall responsibility for assessing service providers against specific selections of available Kantara Service Assessment Criteria (SAC). These procedures define the obligations upon Applicant and Accredited Assessors and the ARB and its Secretariat, with regard to the Approval assessment and application processes.
  • This document is to be applied in accordance with KIAF-1610 RAKS.
   
1.0
KIAF 1610 – Required Assessor Knowledge and Skills
NORMATIVE
  • KIAF 1610 Required Assessor Knowledge and Skills (RAKS) describes the Assurance Review Board’s requirements for knowledge and skills which must be met by applicants for Kantara-Accredited Assessor status. These requirements are to be applied in accordance with KIAF-1350 ‘Assessor Accreditation Handbook’ for the purposes of assessing and determining Credential Service Providers’ services for conformity against specific selections of available Kantara Service Assessment Criteria.
  • This is the first publication of this document under its given identity and title. However, it is effectively a re-write of IAF-1600 “Assessor Qualifications and Requirements”.
1.0

 

Supporting Templates for Assessor Accreditation

 

Contact

secretariat@kantarainitiative.org

 

IAF Archive 

Title
KIAF-1340 Service Approval Handbook
It defines the obligations upon Applicant and Approval-holding CSPs, the ARB and its Secretariat, and Accredited Assessors, with regard to the Approval assessment and application processes. Effective from: 2018-05-01, after which date any parts of the KIAF-1300 (AAS) and KIAF-1800 (RAA) which address the scope now covered by the SAH shall be withdrawn and no longer accepted by the ARB. NOTE: See KIAF 1340 version 2 in the Service Provider Approval Process Documents above.
1.0
KIAF-1800 Rules governing Assurance Assessments
States explicitly the normative requirements of the Kantara Initiative. NOTE: Replaced/withdrawn by KIAF 1610, KIAF 1340 and KIAF 1350. See Assessor Accreditation and Service Provider Approval Process Documents above.
2.0
KIAF-1600 Assessor Qualifications and Requirements
The qualifications and requirements that the ARB uses to determine Assessor Accreditation. The sole substantive change in this revision is the replacement of previous criteria AD.1 and AD.2 with a single criterion, AD.3. In addition, some editorial changes have been made to ensure understanding or to avoid ambiguity. NOTE: Replaced/withdrawn by KIAF 1610. See Assessor Accreditation Process Documents above.
2.0
KIAF-1300 Assurance Assessment Scheme
Explains how the Assurance Program operates. NOTE: Replaced/withdrawn by KIAF 1610, KIAF 1340 and KIAF 1350. See Assessor Accreditation and Service Provider Approval Process Documents above.
5.0
KIAF-1200 Levels of Assurance
Assurance Level Policy Overview and Description of the four Assurance Levels.
2.0
KIAF-1100 Glossary
Brief summary of terms commonly used across IAF documents. NOTE: A new document, the IAF 1050 - Glossary and Overview, will be released soon.
2.0
KIAF-1000 Overview
Introduction to the Kantara Initiative Identity Assurance Framework. NOTE: A new document, the IAF 1050 - Glossary and Overview, was released; please see it at the top of the page.
2.0

 

Other Archive

Kantara Mapping Reports

Title
KIAF-5463 SAC mapping – SEAG
It provides a mapping between the IAF-1400 SAC and NIST 800-63-2.
2.0
IAF 5415
It provides a mapping between the IAF-1400 SAC and ISO/IEC 29115 (ITU-T X.1254).
1.0

Kantara Reports

Title
KIAF 1401 SAC v4-0bis SoC AL1_2_3_4 KDV10
Spreadsheet version of the IAF-1400 Service Assessment Criteria v4.0. It is non-normative and should be considered guidance for users of the IAF.