Trust Status List

Trust Status List

A complete list of Kantara Initiative Approved Services, Accredited Assessors, & Registered Applicants. 

See below for a detailed explanation of the different Approval types. 

{{ category.label }}

Guidance for Interpreting the Trust Status List:

Full Service – Credential Service Providers (CSPs) that offer both Identity Proofing (IAL) and Authentication (AAL) services.
Classic Service- Our original Class of Approval. Modeled on a generalized interpretation of NIST SP 800-63 rev.2 requirements.
Component Service
– 
CSPs that offer an IAL or AAL service. 
Accredited Assessors – Assessors that have successfully completed the Kantara Accreditation process and are eligible to assess CSPs applying for a Kantara Approval TrustMark.
Registered Applicant – CSPs that have submitted an initial application and the application was accepted by the Kantara Assurance Review Board. These CSPs are currently undergoing third-party assessment by a Kantara Accredited Assessor prior to being awarded a Kantara TrustMark as an Approved service. 

Technical – This Class of Approval does not assess the CSP’s good standing and management/ operational practices; it focuses on the technical provision ONLY.
Ready to Operate – A 1-year Approval for an Assessment in which there are no operational records to underpin the quality of the Assessment. A full Triennial assessment must occur after the point in time at which operational records begin to be generated. Once a Triennial assessment has been Approved, the Ready to Operate designation is dropped. 



Each Approved service entry links to the applicable service assessment criteria for the Approved assurance level. Use this guidance when reviewing the criterion applicability within each set of criteria:

‘In scope – Applicable’  the functionality, activity or status that is required (or a sub-part thereof) applies to the scope of the subject service and that the CSP provided adequate evidence of conformity. 

‘In scope – Not applicable’ the functionality, activity or status that is required (or a sub-part thereof) inherently applies to the scope of the subject service but that there is a reason, with justification, why the clause does actually not apply, and therefore no evidence of conformity was tendered. 

In scope – Applicable – fulfilled by… the functionality, activity or status that is required applies to the scope of the subject service and that the CSP employs a Pre-Approved Service to accomplish the required need. The Kantara Grant ID which is assigned to the Pre-Approved Service is cited and the SoCA for that service must be one which shows this criterion to be completely ‘In Scope – Applicable‘ (see above). 

‘Not in scope’ – the functionality, activity or status that is required is expressly outside the scope of the subject service, at least as far as concerning its consideration for Approval. 

Guidance taken from Kantara IAF-1340 Service Approval Handbook, v4, §3.3.2.