Presentation is loading. Please wait.

Presentation is loading. Please wait.

TFTM 01-06 Interim Trust Mark/Listing Approach Paper Accreditation, Certification, and Trust Mark Program Key Administrative and Operational Responsibilities.

Published byOphelia Sarah Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "TFTM 01-06 Interim Trust Mark/Listing Approach Paper Accreditation, Certification, and Trust Mark Program Key Administrative and Operational Responsibilities."— Presentation transcript:

1 TFTM 01-06 Interim Trust Mark/Listing Approach Paper Accreditation, Certification, and Trust Mark Program Key Administrative and Operational Responsibilities Discussion Deck TFTM Committee February 5, 2014 2-05-2014IDESG TFTM Committee1

2 Trust Framework - Developed by a community whose members have similar goals and perspectives. It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. (Source: NSTIC) Trust Framework Provider - An organization that defines or adopts a trust framework and then, certifies participants that are in compliance with the requirements of that framework. (Source: FICAM TFPAP-slightly modified for context) Accreditation Body (AKA “Accreditation Authority”) – An organization that evaluates, approves and provides formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework Accreditation - The processes for the evaluation, approval and formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework. (Source: Kantara-slightly modified for context) 2-05-2014IDESG TFTM Committee2 Key terms for this discussion

3 Certification- The processes of assessing, validating, and determining that a product or service provider meets the defined requirements of a specific trust framework. (Source: FICAM TFPAP-slightly modified for context) Trustmark - A visual symbol and/or digital certificate that is used to indicate that a product or service provider has been certified to meet the requirements of a specific trust framework. (Source: NSTIC- Slightly modified) Trust List - A list of participants who have been determined to meet the requirements of a trust framework and are authorized to operate within that trust framework. Trust lists can be a simple visual representation or be integrated into the electronic interactions of a trust framework. (Source: Modified from NSTIC Trustmark definition) 2-05-2014IDESG TFTM Committee3 Key terms for this discussion

4 Accreditation Program Certification Program Service Provider Administrative Responsibilities: Document and maintain : Policies and participation rules Requirements Application/Onboarding processes Standard agreement for accredited entities Maintain public trust list/registry of accredited entities Operational Responsibilities: Evaluate the capability of applicant entities for certification activities Perform policy mapping, as appropriate, for entity certification policies/requirements conformance/comparability to Accreditation Program requirements Administrative Responsibilities: Document and maintain: Requirements Assessment Processes Assessment Criteria Application/onboarding processes Standard agreement for certified entities Formal recognition of certified services Maintain public trust list/registry of certified entities Operational Responsibilities: Perform and document assessments Validate conformance to Certification Program requirements Provide formal recognition for approved/validated identity services Monitor continued conformance for certified entities Administrative Responsibilities: Document and maintain Trust Mark issuance and usage policies and participation rules Document and maintain Trust Mark (Usage) Agreement Document and maintain security and controls for Trustmark monitoring. Operational Responsibilities: Execute and maintain Trust Mark (Usage) Agreements for certified entities Monitor continued conformance to Trustmark usage requirements for certified entities Establish and maintain security and controls for issued trust marks Trust Mark Issuance Accredit Certify/Issue Certification Accreditation 2-05-2014IDESG TFTM Committee4

5 2-05-2014IDESG TFTM Committee5 Key Administrative Responsibilities Industry ExamplesRelevant Standards Document and maintain Accreditation Program policies and participation rules Kantara IAF, IAF 1300 Assurance Assessment SchemeKantara IAF, IAF 1300 Assurance Assessment Scheme, IAF 1600 Qualified Assessor Requirements IAF 1600 Qualified Assessor Requirements SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations FICAM Trust Framework Provider Adoption Program (TFPAP), Certificate Policies for FBCA, EGCA, EGTS ISO/IEC 17000 Conformity Assessment– Vocabulary and general principles ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies Document and maintain Accreditation Program requirements Kantara IAF 1600 Qualified Assessor Requirements SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations FICAM TFPAP, Criteria and Methodology for Cross-certification with the FBCA ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies Document and maintain Accreditation Program application and approval processes (initial, renewal) Kantara Accredited Assessor Application FICAM Trust Framework Provider Assessment Package ApplicationFICAM Trust Framework Provider Assessment Package Application, Criteria and Methodology for Cross-certification with the FBCA ISO/IEC 17011 Conformity assessment — General requirements Maintain public trust list/registry of accredited entities KantaraKantara SysTrust/Webtrust FICAM TFPAP, FBCA SafeBiopharmaSafeBiopharma OIXOIX ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies Accreditation Program Key Responsibilities

6 2-05-2014IDESG TFTM Committee6 Key Operational ResponsibilitiesIndustry ExamplesRelevant Standards Process and support applicant entities through accreditation process N/A ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies Evaluate the capability of applicant entities for certification activities N/A ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies Perform policy mapping, as appropriate, for entity certification policies/requirements conformance/comparability to Accreditation Program requirements FICAM Trust Framework Provider Adoption Program FICAM FPKI Common Policy Framework CPS Evaluation Mapping Matrix ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies Maintain compliance requirements for accredited entities. N/A ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies Accreditation Program Key Responsibilities

7 2-05-2014IDESG TFTM Committee7 Key Administrative Responsibilities Industry ExamplesRelevant Standards Document and maintain Certification Program policy and requirements Kantara IAF, IAF 1300 Assurance Assessment SchemeKantara IAF, IAF 1300 Assurance Assessment Scheme, IAF 1400 Service Assessment Criteria IAF 1400 Service Assessment Criteria InCommon Identity Assurance Framework SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations FICAM TFPAP, Certificate Policies for FBCA, EGCA, EGTS ISO/IEC 17000 Conformity Assessment– Vocabulary and general principles ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Document and maintain Assessment Processes and Criteria Kantara IAF, IAF 1400 Service Assessment Criteria InCommon Identity Assurance Framework SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations Webtrust for Certification Authorities – Extended Validation Audit Criteria FICAM TFPAP, Criteria and Methodology for Cross-certification with the FBCA, PIV-I Certification Process ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Document and maintain Certification Program application processes Application for Kantara Approval FICAM Trust Framework Provider Assessment Package ApplicationFICAM Trust Framework Provider Assessment Package Application, Criteria and Methodology for Cross-certification with the FBCA ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Document and maintain standard agreement for certified entities InCommon Participation AgreementInCommon Participation Agreement (Identity Assurance Addendum)(Identity Assurance Addendum) Kantara Initiative IAF Trademark License Agreement FICAM MOU/MOA ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Certification Program Key Responsibilities

8 2-05-2014IDESG TFTM Committee8 Key Operational ResponsibilitiesIndustry ExamplesRelevant Standards Establish, train, and maintain Certification Program Assessment Team Kantara Assurance Review Board WebTrust Licensed Practitioners FICAM Trust Framework Evaluation Team, CPWG ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Perform and document assessments N/A ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Validate conformance to Certification Program requirements N/A ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Provide formal recognition /certification for approved/validated identity services N/A ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Maintain public trust list/registry of accredited entities KantaraKantara FICAM TFPAP, FBCA, SSP, PIV-IFICAM TFPAP, FBCA, SSP, PIV-I SafeBiopharmaSafeBiopharma OIXOIX WebTrust Licensed Practitioners ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Maintain, as appropriate, continued conformance for certified entities N/A ISO/IEC 17021 Conformity assessment— Requirements for bodies providing audit and certification of management systems Certification Program Key Responsibilities

9 2-05-2014IDESG TFTM Committee9 Key Administrative/Operational Responsibilities Industry ExamplesRelevant Standards Document and maintain Trust Mark issuance and usage policies and participation rules Kantara Assurance WebTrust/SysTrust InCommon Assurance US and International Trademark Law Document and maintain Trust Mark License (Usage) Agreement Kantara /IEEE-ISTO TMLA WebTrust Practioners License US and International Trademark Law Establish and maintain security and controls for Trust Mark issuance and use Kantara /IEEE-ISTO TMLA WebTrust AICPA/CICA Registry US and International Trademark Law Monitor/maintain trust mark integrity and conformance N/A US and International Trademark Law Trust Mark Program Key Responsibilities

10 2-05-2014IDESG TFTM Committee10 Accreditation, Certification and Trust Mark Flow Accreditation Body (ISO/IEC 17011) Certification (Trust Framework or Trust Mark) Providers Conformity Assessment Body (ISO/IEC 17011) Approved Service Provider (CSP) Approved Service Provider (IDP) Approved Service Provider (AA) Evaluate, approve and formally recognize entities that are capable of carrying out certification activities for a defined set of requirements (e.g., trust framework). Assess, validate, and determine that products or service providers meet the defined requirements of a specific trust framework. Service Providers apply for and are validated to meet defined Trust Framework requirements. Trust mark IDESG (?)

Download ppt "TFTM 01-06 Interim Trust Mark/Listing Approach Paper Accreditation, Certification, and Trust Mark Program Key Administrative and Operational Responsibilities."

Similar presentations

Establishing a New Accreditation Program in the U.S.

Establishing a New Accreditation Program in the U.S.
TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 October.

TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state October.
MODULE B - PROCESS B1.ASME Organizational Structure B2.Standards Development: Staff and Volunteer Roles and Responsibilities B3.Conformity Assessment:

MODULE B - PROCESS B1.ASME Organizational Structure B2.Standards Development: Staff and Volunteer Roles and Responsibilities B3.Conformity Assessment:
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Ensuring Effective Monitoring, Certification and Verification of Emissions by Jed Jones Lloyd’s Register.

Ensuring Effective Monitoring, Certification and Verification of Emissions by Jed Jones Lloyd’s Register.
The New TNI Laboratory Accreditation Standards Requirements for an Accreditation Body.

The New TNI Laboratory Accreditation Standards Requirements for an Accreditation Body.
Kantara Initiative Identity Assurance Framework Overview and Value Proposition March 8, 2011.

Kantara Initiative Identity Assurance Framework Overview and Value Proposition March 8, 2011.
InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.
Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.

Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
TFTM Sub-Committee 01-06 What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, 2014 4-16-2014IDESG TFTM Committee1.

TFTM Sub-Committee What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, IDESG TFTM Committee1.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Proposed Workflow IDESG Self-Assessment and Attestation Program For TFP’s Discussion Deck TFTM Committee 09/23/14 17-16-2014.

Proposed Workflow IDESG Self-Assessment and Attestation Program For TFP’s Discussion Deck TFTM Committee 09/23/
ISO/IEC 29110 in Brazil Helping SME of Brazil in Becoming more Competitive Getting Competitiveness to VSE.

ISO/IEC in Brazil Helping SME of Brazil in Becoming more Competitive Getting Competitiveness to VSE.
2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.
Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.

Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.
TFTM Deliverable 01-06 2014 Trustmark and Conformance Program Discussion Deck TFTM Committee May 07, 2014 5-07-2014IDESG TFTM Committee1.

TFTM Deliverable Trustmark and Conformance Program Discussion Deck TFTM Committee May 07, IDESG TFTM Committee1.
COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.

COEN 351: E-Commerce Security Public Key Infrastructure Assessment and Accreditation.

Similar presentations

Ads by Google