Kantara’s Identity Assurance Framework: Revision and New Trust Marks
Given the new Digital Identity Guidelines, 800-63-3, that NIST has released, available at https://pages.nist.gov/800-63-3/ , Kantara Initiative Inc. (KI) coordinated strategic sessions to tackle the challenging task of changing its framework to accommodate the new requirements. As with everything we do at Kantara, we do it together with the community we serve. We ran a strategic consultation process that included Kantara’s approved CSPs, accredited Assessors and other community participants and created a sub-group of the Identity Assurance Working Group (IAWG) charged with developing a new Scheme. The Scheme is expected to be released for public review by the end of 2017 and operational by April 2018.
The Identity Assurance Framework (IAF) revision is predicated on a new scheme that essentially combines the existing IAF CO-SAC (Common Organizational Service Assessment Criteria) and a new OP-SAC (Operational Service Assessment Criteria) based on the new ‘levels’ IAL, AAL and FAL from 800-63-3. Additionally, Kantara plans to issue a ‘FICAM profile’ of the new KI 800-63-3 based IAF, as soon as the GSA presents its revised FICAM requirements.
Kantara’s market leadership for manageable Identity Assurance has taken another bold step forward. The new NIST Digital Identity Guidelines, 800-63-3 has handed Kantara (KI) a perfect opportunity to develop 800-63-3 Kantara.next.gen – a new Scheme from its globally acknowledged Identity Assurance Framework (IAF) with corresponding assessment, approval and Trust Mark for Service Providers offered by Kantara’s Trust Framework Operations Program, that conform to the requirements of the standard together with Kantara’s Service Assessment Criteria (SAC).
In the wake of unprecedented numbers of security breaches that expose personal data, 800-63-3 has received high interest, and consequential demand for Kantara’s services has never been greater. But Kantara does not rest on its laurels, so take this short survey to help us help you.
800-63-2 Kantara Classic
Kantara Classic was Kantara’s first implementation of the Identity Assurance Framework. It encapsulates NIST 800-63-2’s requirements together with Kantara’s additional requirements into an over-arching controlling document set that governs both the Framework and more broadly the Identity Assurance Program. Kantara Classic continues as a certification Trust Mark in Kantara’s Trust Framework Operations Program.
Both 800-63-3 Trust Mark, which would be named as Kantara.next.gen Trust Mark, and Kantara Classic Trust Mark form part of the Kantara Trust Framework, together with Trust Marks from other Schemes, outsourced into Kantara’s care.
Kantara Operations scope is expanding
In response to demand, Kantara has opened its operations and service platform to external Federations and communities. The development of conformance assessment criteria, approval, and grant of Trust Marks from Kantara’s proven, well recognized program structure for digital identity and consent management is available to Schemes in other domains.
If you have a Scheme operation that you wish to outsource to Kantara, please Contact us
Revising the Trust Framework Operations Program Controlling Documents
At the heart of Kantara’s Trust Framework Operations Program are the Identity Assurance Framework IAF Controlling Documents. They comprise Service Assessment Criteria (SACs) for the Schemes that Kantara curates and governs (the Identity Assurance Working Group are developing SACs for 800-63-3). The Assurance Review Board – Kantara’s governing body for the Program – is merging IAF 1300 Assurance Assessment Scheme (AAS) and IAF 1800 Rules governing Assurance Assessments (RAA) into a new all-encompassing IAF-1340 Service Approval Handbook for both assessors and service providers. The Handbook defines the types of Assessments required within the AAS and establishes rules governing how they are to be performed and how the status of both service Approvals and Assessor Accreditations are managed and published. The Handbook also describes the processes to apply for service Approvals, to have assessments performed, to maintain those Approvals, and how Approvals may be terminated or revoked. These continual cycles of maintenance and improvement ensures that Kantara’s Trust Framework Operations Program retains its integrity and continually builds its international credibility.