Click here to view our Trust Status List (TSL) – an overview of the current list of Identity and Credential Services Providers, Accredited Assessors and Registered Applicants
 | NIST 800-63 rev.3 Available to Credential Service Providers offering Full or Component Credential Management Services. Modeled on best practice (drawing from, among other sources, ISO/IEC 27001, ISO/IEC 29115), this Class of Approval ensures the provider organization’s good standing and management / operational practices and assesses criteria which are derived strictly from NIST SP 800-63 rev.3 requirements, ensuring a conformant technical provision of the provider organization’s service. Assurance Levels: IAL2, IAL3; AAL2, AAL3; FAL2, FAL3 |
|---|---|
 | NIST 800-63 rev.3 (Technical) Available to Credential Service Providers offering Full or Component credential management services. This Class of Approval is based on criteria derived strictly from NIST SP 800-63 rev.3 requirements that ensure conformant technical provision of the provider organization’s service. This Class of Approval does not assess the provider organization’s good standing and management/ operational practices; it focuses on the technical provision ONLY. Assurance Levels: IAL2, IAL3; AAL2, AAL3; FAL2, FAL3 *The Technical Class of Approval will be discontinued, likely in 2024. |
 | Classic Available to Credential Service Providers offering Full or Component credential management services. Modeled on best practice (drawing from, among other sources, ISO/IEC 27001, ISO/IEC 29115), this Class of Approval ensures the provider organization’s good standing and management / operational practices and assesses criteria modeled on a generalized interpretation of NIST SP 800-63 rev.2 requirements, ensuring conformant technical provision of the provider organization’s service. Levels of Assurance: 1, 2, 3 & 4, as described in OMB M-04-04 |
A number of SAC sets may have additional Assessment Profiles associated with them. The available SAC sets are listed below.
SAC sets: Please note that most current SAC sets were published on August 31, 2022. Contact the secretariat for the newest version.
| Set title | Published in |
| CO_SAC | IAF-1410 |
| OP_SAC | IAF-1420 |
| 63A_SAC | IAF-1430 |
| 63B_SAC | IAF-1440 |
| 63C_SAC | IAF-1450 |
No SAC publication version numbers are cited – the links above provide the latest published version of the respective SAC documents
| Class of Approval: | NIST 800-63 Rev. 3 | NIST 800-63 Rev. 3 (Technical) | Classic |
| SAC Sets: |
|
|
|
| SAC Owner: | Kantara Initiative, Inc. | ||
| Assurance Levels: |
|
|
|
| Available Assessment Modes: | Full or Component Service | ||
Ready to Operate or Full Approval | |||
| Available Profiles: | None | None | US Federal Privacy Criteria |
The tables below provide consistent descriptors for each service type and relate each to the Service Assessment Criteria (SAC) against which the service is assessed. Credential Service Providers are required to use one of these descriptors when preparing their award application.
We will recognize and approve services, according to the the applicable SACs.
Class of Approval: NIST 800-63 rev. 3
| Service Descriptor/Approval Type | Applicable SACs | |
| Full Service
| Identity Proofing | CO_SAC with ALL applicable criteria In Scope + 63A_SAC with ALL applicable criteria In Scope |
| Credential Management | CO_SAC with ALL applicable criteria In Scope + 63B_SAC with ALL applicable criteria In Scope | |
| Identity Proofing & Credential Management | CO_SAC with ALL applicable criteria In Scope + 63A_SAC with ALL applicable criteria In Scope + 63B_SAC with ALL applicable criteria In Scope | |
| Component Service
| Identity Proofing | CO_SAC with ALL applicable criteria In Scope + 63A_SAC with NOT ALL criteria In Scope |
| Credential Management | CO_SAC with ALL applicable criteria In Scope + 63B_SAC with NOT ALL criteria In Scope | |
| Identity Proofing & Credential Management | CO_SAC with ALL applicable criteria In Scope + 63A_SAC with NOT ALL criteria In Scope + 63B_SAC with NOT ALL criteria In Scope | |
| Federated | Identity Proofing & Credential Management | CO_SAC with ALL criteria In Scope + 63A_SAC with ALL criteria In Scope + 63B_SAC with ALL criteria In Scope + 63C_SAC with ALL [‘CSP’ OR ’CSP+RP’] criteria InScope |
Class of Approval: NIST 800-63 rev. 3 (Technical)
- CO_SAC not included in any Technical assessment
| Service Descriptor/Approval Type | Applicable SACs | |
| Full Service (Technical) | Identity Proofing | 63A_SAC with ALL criteria In Scope |
| Credential Management | 63B_SAC with ALL criteria In Scope | |
| Identity Proofing & Credential Management | 63A_SAC with ALL criteria In Scope + 63B_SAC with ALL criteria In Scope | |
| Component Service (Technical) | Identity Proofing | 63A_SAC with NOT all criteria In Scope |
| Credential Management | 63B_SAC with NOT all criteria In Scope | |
| Identity Proofing & Credential Management | 63A_SAC with NOT all criteria In Scope + 63B_SAC with NOT ALL criteria In Scope | |
| Federated (Technical) | Identity Proofing & Credential Management | 63A_SAC with ALL criteria In Scope + 63B_SAC with ALL criteria In Scope + 63C_SAC with ALL [‘CSP’ OR ’CSP+RP’] criteria InScope |
Class of Approval: Classic
| Service Descriptor/Approval Type | Applicable SACs |
| Full Service | CO_SAC with ALL applicable criteria In Scope + OP_SAC with ALL applicable criteria In Scope |
| Component Service | CO_SAC with ALL applicable criteria In Scope + OP_SAC with NOT all criteria In Scope |
Acknowledgement: Kantara Initiative, Inc. is grateful for the support of ID.me in editing the Service Assessment Criteria for NIST SP 800-63 rev.3.
Last updated 2023-09-12
Demonstrate your leadership in the field of identity!
We support our members with profile-raising activity including conference and media presentations, report authorship, leadership of Work Groups and Committees and roles on the Kantara Board of Directors.