The Kantara Initiative Trust Framework Provider program is the industry leading program that Accredits Assessors and Approves Credential Service Providers at Assurance Levels 1, 2 & non-PKI Level 3, based on the Kantara Service Assessment Criteria.
We formalize trust in key components of the identity infrastructure, as the premier Trust Framework Provider aligned with the US NSTIC program and through similar initiatives outside the US. This grows markets by making trust, assurance and compliance more manageable, improving its quality and repeatability.
This program is based upon the Kantara Trust Framework, which was developed with input from members of the global financial services, government, healthcare, IT and telecom sectors. Kantara initially developed an Identity Assurance Framework (IAF) based on NIST SP 800-63-2 (which itself is based on the US Federal Government’s OMB M-04-04). The IAF encapsulated 800-63-2’s requirements together with Kantara’s additional requirements into an over-arching controlling document set that governs the IAF and the Identity Assurance Program that was the IAF’s first implementation. Due to increased demand from other programs/schemes in digital identity, consent management and related domains, for conformity assessment, approval and the granting of Trust Marks to assured services, it became known as the Kantara Trust Framework to reflect its expanded scope.
The Assurance Program provides public and private sector organizations with a uniform means of relying on digital credentials issued by a variety of Credential Service Providers (CSPs issue and manage identity credentials) in order to advance public trust in access to online services and information. Kantara applies the overarching IAF to assess Credential Services against strict criteria (the SAC), and Approves CSP’s discrete services, granting the CSP the right to use the Kantara Trust Mark.
Kantara Initiative is a Trust Framework Provider, approved by the US Federal Government’s Identity and Access Management (ICAM), program which operates the FPKI Bridge CA and the Trust Framework Solutions (TFS) programs. Most Kantara CSPs are authorized under TFS.
Review the IAF Controlling Documents.
See the Approved CSPs, Accredited Assessors and Registered Applicants at Trust Status List
IAF Identity Assurance Levels: Snapshot View
|Assurance Level||Example||Assessment Criteria-Organization||Assessment Criteria-Identity Proofing||Assessment Criteria-Credential Management|
|AL 1||Registration to a news website||Minimal Organizational criteria||Minimal criteria – Self assertion||PIN and Password|
|AL 2||Change of address of record by a beneficiary||Moderate organizational criteria||Moderate criteria – Attestation of Govt ID||Single factor; prove control of token through authentication protocol|
|AL 3||Access to an online brokerage account||Stringent organizational criteria||Stringent criteria – stronger attestation and verification of records||Multi-factor auth: cryptographic protocol; “soft”, “hard”, or “OTP” tokens|
|AL 4||Dispensation of a controlled drug or $1M bank wire||Stringent organizational criteria||More stringent criteria – stronger attestation and verification||Multi-factor auth w/ hard tokens only; crypto protocol w/ keys bound to auth process|
NOTE: Assurance level criteria as posited by the OMB M-04-04 and NIST Special Publication 800-63