Classes of Approval


This page lists the sets of Service Assessment Criteria (SAC) available to Kantara member Service Providers for assessment, approval and grant of Trust Mark under the Kantara Trust Operations Program, and their related Assessment Profiles, if applicable, at the publication date shown.

 

Classes of Approvals for Identity Information Management Systems (effective March 21st 2018)

Kantara offers a number of Approvals, each being based upon a specific SAC or collection of SAC. These are:

Class of Approval | Description
Classic | Credential Service Providers offering full credential management services or elements thereof, using criteria which are modelled on best practice (drawing from, among other sources, ISO/IEC 27001, ISO/IEC 29115) to ensure the provider organization’s good standing and management / operational practices (CO_SAC) and additionally draw from a genericized interpretation of NIST SP800-63 rev.2 requirements, to ensure the correct technical provision of the service (OP_SAC).
NIST 800-63 rev.3 | Credential Service Providers offering full credential management services or elements thereof, using criteria which are modelled strictly on NIST SP800-63 rev.3 requirements, to ensure the correct technical provision of services aligned to this revision of the publication.
NIST 63-3 FULL | Credential Service Providers offering full credential management services or elements thereof, which are modelled strictly on NIST SP800-63 rev.3 requirements, that also require assessment of the operational characteristics of the service against best practices identified in the ‘Classic’ CO_SAC.

 

Available Service Assessment Criteria & Assessment Profiles for Identity Information Management Systems

Kantara supports a number of SAC sets, any of which may have additional Assessment Profiles associated with them. The available SAC sets are identified below and further cited in the context of the Class of Approval which they support (some being employed within multiple Classes).

SAC sets:

Set title | Published in
CO_SAC, OP_SAC | IAF-1400
63A_SAC | IAF-1430
63B_SAC | IAF-1440

No SAC publication version numbers are cited – the links above provide the latest published version of the respective SAC documents.

 

Reference data for each Class of Approval

Class of Approval: Classic
SAC set(s): CO_SAC + OP_SAC and US Federal Privacy Criteria (optional)
SAC Sponsor: KI
Assurance Levels: LoAs 1, 2, 3 & 4, as described in OMB M-04-04
Available Assessment Modes: Full or Component services; Ready To Operate or Full Approval (based on Period of Time (PoT) or Triennial assessment and Annual Conformity Reviews (ACR) as required)
Available Profiles: US Federal Privacy Criteria

 

Class of Approval: NIST 63 rev.3 (Min)
SAC set(s): 63A_SAC + 63B_SAC
SAC Sponsor: KI
Assurance Levels: IAL2 & AAL2 (only)
Available Assessment Modes: Full or Component services; Ready To Operate or Full Approval (based on Period of Time (PoT), or Triennial assessment and Annual Conformity Reviews (ACR), as required)
Available Profiles: None

 

Class of Approval: NIST 63 rev.3 (Comp)
SAC set(s): CO_SAC@AL3 + 63A_SAC + 63B_SAC
SAC Sponsor: KI
Assurance Levels: IAL2 & AAL2 (only)
Available Assessment Modes: Full or Component services; Ready To Operate or Full Approval (based on Period of Time (PoT), or Triennial assessment and Annual Conformity Reviews (ACR), as required)
Available Profiles: None

 

Note: Identity Information Management Systems Service Providers that have been granted a Kantara Trust Mark are pre-qualified for partial compliance with the IDESG’s IDEF Registry (https://www.idefregistry.org/). Contact Us for further information.

Last updated 2018-01-31