Trustmark Definition (TD):
FICAM TFP-Certified CSP - LOA 2

Metadata


Identifier: https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/ficam-tfp-certified-csp-loa-2/1.0/
Name: FICAM TFP-Certified CSP - LOA 2
Version: 1.0
Publication Date: 2015-06-24
Trustmark Defining Organization:
  Identifier: https://trustmark.gtri.gatech.edu/
  Name: Georgia Tech Research Institute
  PRIMARY Contact:
    Email: TrustmarkFeedback@gtri.gatech.edu
    Telephone: 404-407-8956
    Mailing Address: 75 5th Street NW, Suite 900, Atlanta, GA 30308
Description: This trustmark indicates identity LOA 2 certification by a TFP approved under the FICAM TFS initiative.
Target Stakeholders: Organizations that have a vested interest in the U.S. Federal Identity, Credential, and Access Management (FICAM) program and its technical specifications.
Target Recipients: Credential Service Providers that wish to provide their users with access to Relying Party services offered by U.S. federal government agencies and other organizations that have adopted the FICAM SAML SSO Profile.
Target Relying Parties: Relying Parties that wish to conform to the FICAM SAML SSO Profile and/or interoperate with Identity Providers that conform to the FICAM SAML SSO Profile.
Target Providers: Trust Framework Providers (TFPs) that are approved under the FICAM TFS program.
Provider Criteria: Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
Assessor Qualifications: Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
Trustmark Revocation Criteria: For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
Extension Description: This Trustmark Definition requires no extension data.
Legal Notice: This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Notes: The Georgia Tech Research Institute (GTRI) has published this document with the support of the National Strategy for Trusted Identities in Cyberspace (NSTIC) via the National Institute of Standards and Technology (NIST). The views expressed herein do not necessarily reflect the official policies of GTRI, NIST or NSTIC; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Conformance Criteria (1)


1: FICAM TFP Certification

The CSP MUST be certified at LOA 2 by a TFP that has been approved under the FICAM TFS initiative at LOA 2.

Citation(s)

Assessment Steps (1)


1: FICAM TFP Certification Assessment (FICAMTFPCertificationAssessment)

Has the CSP been certified at LOA 2 by a TFP that has been approved under the FICAM TFS initiative at LOA 2? Provide evidence of the certifying TFP's approval under the FICAM TFS initiative at LOA 2. Provide evidence of the TFP's certification of the CSP at LOA 2.

Required Artifact(s)
  • FICAM TFS Approval of TFP

    Evidence of the certifying TFP's approval under the FICAM TFS initiative at LOA 2.

  • TFP Certification of CSP

    Evidence of the TFP's certification of the CSP at LOA 2.

Issuance Criteria


yes(ALL)

Sources (3)


SP 800-63-2
NIST SP 800-63-2: Electronic Authentication Guideline, August, 2013
OMB M-04-04
Office of Management and Budget Memorandum M-04-04, December 16, 2003
TFPAP LOA 2
FICAM TFS Trust Framework Provider Adoption Process for All Levels of Assurance, v2.0.2, March 14, 2014, Appendix A-2: Assurance Level 2

Terms (13)


credential service provider ( CSP )

An entity that issues or registers subscriber tokens and issues credentials to subscribers (i.e., a CSP conducts the issuance process). A CSP may encompass RAs and verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.

Federal Identity, Credential, and Access Management Trust Framework Solutions ( FICAM TFS )

The Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions (TFS) program is the federated identity framework for the U.S. Federal Government. It includes guidance, processes, and supporting infrastructure to enable secure and streamlined citizen- and business-facing online service delivery.

Identity, Credential, and Access Management ( ICAM )

A federal program that focuses on addressing challenges, pressing issues, and design requirements for digital identity, credential, and access management and defining and promoting consistency across approaches for implementing ICAM programs as reflected in the FICAM Roadmap & Implementation Guidance.

Identity, Credential, and Access Management Sub-Committee ( ICAMSC )

A committee established in 2008 under the Federal CIO Council's Information Security and Identity Management Committee (ISIMC) and tasked with aligning the identity management activities of the Federal Government.

level of assurance ( LOA )

The degree of confidence in the vetting process used to establish the identity of an individual to whom the credential was issued and the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. Also, see the use of assurance in [OMB M-04-04].

LOA 1

level of assurance 1. As defined in [OMB M-04-04], LOA 1 means "Little or no confidence in an asserted identity's validity". This is in contrast to levels 2, 3, and 4, which mean "some", "high", and "very high", respectively, in regards to assurance in an asserted identity's validity.

LOA 2

level of assurance 2. As defined in [OMB M-04-04], LOA 2 means "Some confidence in an asserted identity's validity". This is in contrast to levels 1, 3, and 4, which mean "little or no", "high", and "very high", respectively, in regards to assurance in an asserted identity's validity.

LOA 3

level of assurance 3. As defined in [OMB M-04-04], LOA 3 means "high confidence in an asserted identity's validity". This is in contrast to levels 1, 2, and 4, which mean "little or no", "some", and "very high", respectively, in regards to assurance in an asserted identity's validity.

LOA 4

level of assurance 4. As defined in [OMB M-04-04], LOA 4 means "very high confidence in an asserted identity's validity". This is in contrast to levels 1, 2, and 3, which mean "little or no", "some", and "high", respectively, in regards to assurance in an asserted identity's validity.

NIST

National Institute of Standards and Technology.

OMB

United States Office of Management and Budget.

relying party ( RP )

An entity that relies upon a subscriber's credentials or verifier's assertion of an identity, typically to process a transaction or grant access to an information system.

TFPAP

Trust Framework Provider Adoption Process, v2.0.2. See [TFPAP].