Service Provider Approval

If you are interested to become a Kantara approved CSP, first, please read Kantara Classes of Approval and Approval Roadmap. Applicants should be fully familiar with, inter alia, Kantara’s: Service Approval Handbook; Service Assessment Criteria, available below. 

Table of Contents

  1. Service Approval Handbook
  2. Service Assessment Criteria Overview
  3. Service Assessment Criteria
  4. Application Package

 

1. Service Approval Handbook

Title
KIAF 1340 – Service Approval Handbook
1
NORMATIVE
  • KIAF 1340 – Service Approval Handbook defines the obligations upon Applicant and Approval-holding CSPs, the ARB and its Secretariat, and Accredited Assessors, with regard to the Approval assessment and application processes.
3.1

    ARB Notice regarding KIAF-1340 Service Approval Handbook, 2020-03-30

    In light of the present SARS-COV2/COVID-19 virus pandemic the ARB has reviewed the Service Approval Handbook §6.1.3, §8.1.3 and §9.1.3 (which state requirements under which Assessors SHALL include  site  visits  in  their  assessment  program)  and  determined  that, until  this  notice  is  rescinded, any Kantara requirements that assessors visit CSPs’ premises or meet face-to-face with personnel are suspended.
    While it understands that assessments already utilize a high degree of efficient use of on-line conferencing applications the ARB hereby requests that, in lieu of these above-cited requirements, assessors and CSPs use their best endeavours, given their respective business operation restrictions, to formulate a plan for a virtual inspection to the fullest extent practical, including remote video, of CSP premises.
    Assessors SHALL, in their KARs, describe the steps that have been taken to substitute for actual on-site visits and describe any limitations which have been imposed

     

    2. Service Assessment Criteria Overview – Guidance on completing a SoCA and derived SoC

    Title
    KIAF-1405 Service Assessment Criteria – Overview
    1
    NORMATIVE
    • This document describes the application of the Kantara Identity Assurance Framework’s (KIAF) Service Assessment Criteria (SAC) documents to create two key documents required by Approval applicants when submitting their services for Kantara approval, these being the Statement of Criteria Applicability (SoCA) and the Statement of Conformity (SoC), the requirements for both of which are stated in KIAF-1340 Service Approval Handbook.
    1.0

       

      3. Service Assessment Criteria for Identity & Credential Management Systems

      Service Assessment Criteria Sets for Classic and NIST 800-63 rev.3 (Full and Technical) Classes of Approval

      Title
      KIAF 1420 – OP_SAC Kantara Identity Assurance Framework: Operational Service Assessment Criteria (SAC) & Statement of Criteria Applicability (SoCA)
      1
      NORMATIVE
      • This Specification sets forth KI’s Service Assessment Criteria, generally referred-to as the ‘OP_SAC’, for the assessment of the operational functionality of those services which align to the ‘Classical’ Kantara criteria, which are based loosely on NIST SP 800-53 rev.2, be generally referred-to as the ‘OP_SAC’.
      • The current version of the OP_SAC is v2.1, released August 31, 2022. Please download an updated version if needed!
      2.1
      KIAF 1410 – CO_SAC Kantara Identity Assurance Framework: Common Organizational Service Assessment Criteria (SAC) & Statement of Criteria Applicability (SoCA) – Excel Version
      1
      NORMATIVE
      • This Specification sets forth KI’s Service Assessment Criteria for assessments whose scope includes the good standing of the organization which provides the service which is subject to assessment, be generally referred-to as the ‘CO_SAC’.
      • The current version of the CO_SAC is v4.0, released August 31, 2022. Please download an updated version if needed!
      4.0
      KIAF 1430 – Identity Assurance Framework: NIST SP 800-63A Service Assessment Criteria (SAC) & Statement of Criteria Applicability (SoCA)
      1
      NORMATIVE
      • This Specification sets forth KI’s Service Assessment Criteria for assessments against the requirements of NIST’s SP 800-63A as published 2017-12-01 (with errata) at IAL2 & IAL3, to be generally referred-to as the ’63A_SAC’.
      • Please fill out the form to receive the 63A_SAC.
      • The current version of the 63A_SAC is v4.1, released August 31, 2022. Please request an updated version if needed!
      The Kantara Initiative Service Assessment Criteria are available for reference by entities that plan to get its service approved under the Kantara Identity Assurance Framework and also for reference by Relying Parties for instance in the preparation of RFPs. By receiving the Kantara criteria for NIST SP 800-63-3, you agree to abide by the Notice pertaining to IPR and Copyright contained in the documents. You further agree not to create derivative works to develop any other artefact, to not re-sell and to not re-package into a commercial product or offering.
      Kantara Initiative is an ethics based, mission-led non-profit global consortium passionate about giving control of data back to people and improving trustworthy use of identity and personal data through innovation, standardization and good practice. Kantara recommendations and reports are produced by Kantara member and non member participant volunteers as a service to themselves and to the community of stakeholders who benefit from or use Kantara’s artifacts. In order to ensure that Kantara understands and maintains relationships with the community of stakeholders that it serves, Kantara must engage with organizations and individuals. To that end, we collect basic contact information to fulfill our mandate to meet stakeholder needs and identify new recommendations or reports that might be useful for our community. We will not use or disclose this information for any other purpose than to contact you in relation to this document unless required to by law. If you agree to be kept informed about Kantara news and updates, your personal data will only be used or shared to fulfill that requirement.
      By downloading you agree to be contacted in relation to this document.
      4.1
      KIAF 1450 – Identity Assurance Framework: NIST SP 800-63C Service Assessment Criteria (SAC) & Statement of Criteria Applicability (SoCA)
      1
      NORMATIVE
      • This document sets forth KI’s Service Assessment Criteria for assessments against the requirements of NIST’s SP 800-63C as published 2017-12-01 (with errata) at FAL2 & FAL3, to be generally referred-to as the ’63C_SAC’.
      • Please fill out the form to receive the 63C_SAC
      • The current version of the 63C_SAC is v1.1, released August 31, 2022. Please request an updated version if needed!
      The Kantara Initiative Service Assessment Criteria are available for reference by entities that plan to get its service approved under the Kantara Identity Assurance Framework and also for reference by Relying Parties for instance in the preparation of RFPs. By receiving the Kantara criteria for NIST SP 800-63-3, you agree to abide by the Notice pertaining to IPR and Copyright contained in the documents. You further agree not to create derivative works to develop any other artefact, to not re-sell and to not re-package into a commercial product or offering.
      Kantara Initiative is an ethics based, mission-led non-profit global consortium passionate about giving control of data back to people and improving trustworthy use of identity and personal data through innovation, standardization and good practice. Kantara recommendations and reports are produced by Kantara member and non member participant volunteers as a service to themselves and to the community of stakeholders who benefit from or use Kantara’s artifacts. In order to ensure that Kantara understands and maintains relationships with the community of stakeholders that it serves, Kantara must engage with organizations and individuals. To that end, we collect basic contact information to fulfill our mandate to meet stakeholder needs and identify new recommendations or reports that might be useful for our community. We will not use or disclose this information for any other purpose than to contact you in relation to this document unless required to by law. If you agree to be kept informed about Kantara news and updates, your personal data will only be used or shared to fulfill that requirement.
      By downloading you agree to be contacted in relation to this document.
      1.1
      KIAF 1440 – Identity Assurance Framework: NIST SP 800-63B Service Assessment Criteria (SAC) & Statement of Criteria Applicability (SoCA)
      1
      NORMATIVE
      • This document sets forth KI’s Service Assessment Criteria for assessments against the requirements of NIST’s SP 800-63B as published 2017-12-01 (with errata) at AAL2 and AAL3, to be generally referred-to as the ’63B_SAC’.
      • Please fill out the form to receive the 63B_SAC.
      • The current version of the 63B_SAC is v4.1, released August 31, 2022. Please request an updated version if needed!
      The Kantara Initiative Service Assessment Criteria are available for reference by entities that plan to get its service approved under the Kantara Identity Assurance Framework and also for reference by Relying Parties for instance in the preparation of RFPs. By receiving the Kantara criteria for NIST SP 800-63-3, you agree to abide by the Notice pertaining to IPR and Copyright contained in the documents. You further agree not to create derivative works to develop any other artefact, to not re-sell and to not re-package into a commercial product or offering.
      Kantara Initiative is an ethics based, mission-led non-profit global consortium passionate about giving control of data back to people and improving trustworthy use of identity and personal data through innovation, standardization and good practice. Kantara recommendations and reports are produced by Kantara member and non member participant volunteers as a service to themselves and to the community of stakeholders who benefit from or use Kantara’s artifacts. In order to ensure that Kantara understands and maintains relationships with the community of stakeholders that it serves, Kantara must engage with organizations and individuals. To that end, we collect basic contact information to fulfill our mandate to meet stakeholder needs and identify new recommendations or reports that might be useful for our community. We will not use or disclose this information for any other purpose than to contact you in relation to this document unless required to by law. If you agree to be kept informed about Kantara news and updates, your personal data will only be used or shared to fulfill that requirement.
      By downloading you agree to be contacted in relation to this document.
      4.1

        Acknowledgement: Kantara Initiative Inc. is grateful for the support of ID.me in sponsoring the editing of the service assessment criteria for NIST SP 800-63 rev.3.

        4. Application Package – Service Approval

        If you have any questions and/or want to learn more, please contact us.