90 likes | 229 Views
TFTM 01-06 Interim Trust Mark /Listing Approach Paper Accreditation, Certification, and Trust Mark Program Key Administrative and Operational Responsibilities Discussion Deck . TFTM Committee February 5, 2014. Key terms for this discussion.
E N D
TFTM 01-06Interim Trust Mark/Listing Approach PaperAccreditation, Certification, and Trust Mark ProgramKey Administrative and Operational ResponsibilitiesDiscussion Deck TFTM Committee February 5, 2014 IDESG TFTM Committee
Key terms for this discussion Trust Framework - Developed by a community whose members have similar goals and perspectives. It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. (Source: NSTIC) Trust Framework Provider - An organization that defines or adopts a trust framework and then, certifies participants that are in compliance with the requirements of that framework. (Source: FICAM TFPAP-slightly modified for context) Accreditation Body (AKA “Accreditation Authority”) – An organization that evaluates, approves and provides formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework Accreditation - The processes for the evaluation, approval and formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework. (Source: Kantara-slightly modified for context) IDESG TFTM Committee
Key terms for this discussion Certification- The processes of assessing, validating, and determining that a product or service provider meets the defined requirements of a specific trust framework. (Source: FICAM TFPAP-slightly modified for context) Trustmark -A visual symbol and/or digital certificate that is used to indicate that a product or service provider has been certified to meet the requirements of a specific trust framework. (Source: NSTIC- Slightly modified) Trust List - A list of participants who have been determined to meet the requirements of a trust framework and are authorized to operate within that trust framework. Trust lists can be a simple visual representation or be integrated into the electronic interactions of a trust framework. (Source: Modified from NSTIC Trustmark definition) IDESG TFTM Committee
Accreditation • Administrative Responsibilities: • Document and maintain : • Policies and participation rules • Requirements • Application/Onboarding processes • Standard agreement for accredited entities • Maintain public trust list/registry of accredited entities • Operational Responsibilities: • Evaluate the capability of applicant entities for certification activities • Perform policy mapping, as appropriate, for entity certification policies/requirements conformance/comparability to Accreditation Program requirements Accreditation Program Accredit Certification • Administrative Responsibilities: • Document and maintain: • Requirements • Assessment Processes • Assessment Criteria • Application/onboarding processes • Standard agreement for certified entities • Formal recognition of certified services • Maintain public trust list/registry of certified entities • Operational Responsibilities: • Perform and document assessments • Validate conformance to Certification Program requirements • Provide formal recognition for approved/validated identity services • Monitor continued conformance for certified entities Certification Program Certify/Issue Certify/Issue Trust Mark Issuance • Operational Responsibilities: • Execute and maintain Trust Mark (Usage) Agreements for certified entities • Monitor continued conformance to Trustmark usage requirements for certified entities • Establish and maintain security and controls for issued trust marks • Administrative Responsibilities: • Document and maintain Trust Mark issuance and usage policies and participation rules • Document and maintain Trust Mark (Usage) Agreement • Document and maintain security and controls for Trustmark monitoring. Service Provider Service Provider IDESG TFTM Committee
Accreditation Program Key Responsibilities IDESG TFTM Committee
Accreditation Program Key Responsibilities IDESG TFTM Committee
Certification Program Key Responsibilities IDESG TFTM Committee
Certification Program Key Responsibilities IDESG TFTM Committee
Trust Mark Program Key Responsibilities IDESG TFTM Committee