Kantara’s Identity Assurance Framework: Revision and New Trust Marks
Given the new Digital Identity Guidelines, 800-63-3, that NIST has released, available at https://pages.nist.gov/800-63-3/ , Kantara Initiative Inc. (KI) coordinated strategic sessions to tackle the challenging task of changing its framework to accommodate the new requirements. As with everything we do at Kantara, we do it together with the community we serve. We ran a strategic consultation process that included Kantara’s approved CSPs, accredited Assessors and other community participants and created a sub-group of the Identity Assurance Working Group (IAWG) charged with developing a new Scheme. The Scheme is expected to be operational by April 2018.
Kantara’s market leadership for manageable Identity Assurance has taken another bold step forward. The new NIST Digital Identity Guidelines, 800-63-3 has handed Kantara (KI) a perfect opportunity to develop 800-63-3 – a new Scheme from its globally acknowledged Identity Assurance Framework (IAF) with corresponding assessment, approval and Trust Mark for Service Providers offered by Kantara’s Trust Framework Operations Program, that conform to the requirements of the standard together with Kantara’s Service Assessment Criteria (SAC).
In the wake of unprecedented numbers of security breaches that expose personal data, 800-63-3 has received high interest, and consequential demand for Kantara’s services has never been greater. But Kantara does not rest on its laurels, so take this short survey to help us help you.
800-63-2 Kantara Classic
Kantara Classic was Kantara’s first implementation of the Identity Assurance Framework. It encapsulates NIST 800-63-2’s requirements together with Kantara’s additional requirements into an over-arching controlling document set that governs both the Framework and more broadly the Identity Assurance Program. Kantara Classic continues as a certification Trust Mark in Kantara’s Trust Framework Operations Program.
Both 800-63-3 Trust Mark, which would be named as Kantara.next.gen Trust Mark, and Kantara Classic Trust Mark form part of the Kantara Trust Framework, together with Trust Marks from other Schemes, outsourced into Kantara’s care.
Kantara Operations scope is expanding
In response to demand, Kantara has opened its operations and service platform to external Federations and communities. The development of conformance assessment criteria, approval, and grant of Trust Marks from Kantara’s proven, well recognized program structure for digital identity and consent management is available to Schemes in other domains.
If you have a Scheme operation that you wish to outsource to Kantara, please Contact us
Revising the Trust Framework Operations Program Controlling Documents
At the heart of Kantara’s Trust Framework Operations Program are the Identity Assurance Framework IAF Controlling Documents. They comprise Service Assessment Criteria (SACs) for the Schemes that Kantara curates and governs. The Assurance Review Board – Kantara’s governing body for the Program – has merged IAF 1300 Assurance Assessment Scheme (AAS) and IAF 1800 Rules governing Assurance Assessments (RAA) into a new all-encompassing IAF-1340 Service Approval Handbook. This document describes the ARB’s Policy for handling applications for Approval of various services operated by Kantara Members, and assessed against specific selections of available Kantara Service Assessment Criteria (SAC). It defines the obligations upon Applicant and Approval-holding CSPs, the ARB and its Secretariat, and Accredited Assessors, with regard to the Approval assessment and application processes. These continual cycles of maintenance and improvement ensures that Kantara’s Trust Framework Operations Program retains its integrity and continually builds its international credibility.