What does it take to be Approved as
NIST 800-63-3 conformant?
WEBINAR 2020-07-15
Ethics & Conformance Trust Marked
Agenda
1. Welcome – Colin Wallis, Kantara’s Executive Director
2. Identity Assurance Trust Framework Overview and Approval
process - Ruth Puente, Kantara's Assurance Operations Director
3. Kantara Assessment - Ray Kimble, Kuma's Founder & CEO
4. Role of the Assurance Review Board in the Approval process
- Leif Johansson, ARB Chair
5. How do you see Kantara's approval helping your organization
and its impact in the market? - Blake Hall, ID.me's Founder & CEO
6. Q&A session moderated by Colin Wallis
7. Wrap-up by Colin Wallis
Identity Assurance Trust Framework and Approval process
Ruth Puente, Kantara's Assurance Operations Director
Kantara’s Identity Assurance Framework (IAF)
• Kantara Initiative has been a Trust Framework Provider since 2010; it accredits Assessors and approves Service
Providers based on the agreed Service Assessment Criteria.
• Approval is based on independent third-party assessments, performed by Kantara-Accredited Assessors, of the
subject services, to determine those services’ conformity to the applicable criteria.
Kantara is the only organization that provides Third Party Assessment against the primary NIST
standard for identity.
Kantara Approval Processes
Initial
Application
• Scope
• Application package: Statement of Criteria Applicability; Specification of a Service Subject to Assessment (S3A);
Application form.
• ARB Review
3rd Party
Assessment
• Accredited Assessor conducts triennial assessment relative to appropriate Service Assessment Criteria and
produces a Kantara Assessor Report (KAR).
• Applicant works with the Assessor to address non-conforming service areas.
Approval
Application
• Application package following assessment and a finding of conformity: Kantara Assessor’s Report (KAR), Statement of
Conformity (SoC), detailed Service Subject to Assessment (S3A) and updated application form.
• ARB Review
Decision
• ARB Recommendation
• Board of Directors ratification of approval
• Issuance of 3-year cycle Trust Mark; Trust Mark License Agreement
Surveillance
• Annual Conformity Reviews
• Unscheduled assessments
• Changes that may affect approval
https://kantarainitiative.org/trustoperations/service-provider-approval/
Kantara Assessment
Ray Kimble, Kuma's Founder & CEO
KANTARA NIST 800-63-3 ASSESSMENT
What is assessed?
• NIST Special Publication 800-63-3A (Enrollment and Identity Proofing)
• NIST Special Publication 800-63-3B (Authentication and Lifecycle Management)
• NIST Special Publication 800-63-3C (Federation and Assertions)
800-63-3A – Enrollment and Identity Proofing
• IAL 1
• CSP shall not validate and verify attributes
• IAL 2 (remote or in-person)
• Allows for remote and in-person proofing
• One piece of SUPERIOR or STRONG evidence OR
• Two pieces of STRONG evidence OR
• One piece of STRONG evidence plus two pieces of FAIR evidence
• IAL3 (in-person or supervised remote)
• Two pieces of SUPERIOR evidence OR
• One piece of SUPERIOR evidence and one piece of STRONG OR
• Two pieces of STRONG and one piece of FAIR evidence
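The IAL2 and IAL3 evidence combinations listed above, as an added example that is not part of the original slides: it reports the highest IAL a set of collected evidence can support and which combination matched. The names `Evidence`, `issuer_verified`, `matching_rule` and `max_evidence_ial` are hypothetical; it assumes a stronger piece may stand in for a weaker one, and it models the condition SP 800-63A attaches to the single-piece paths (abbreviated on the slide) as the `issuer_verified` flag.

```python
from dataclasses import dataclass
from enum import IntEnum
from itertools import permutations


class Strength(IntEnum):
    FAIR = 1
    STRONG = 2
    SUPERIOR = 3


@dataclass(frozen=True)
class Evidence:
    name: str
    strength: Strength
    # Assumption taken from SP 800-63A, not spelled out on the slide: True when
    # the issuing source proofed the holder with two or more SUPERIOR/STRONG
    # forms and the CSP validates the evidence directly with that source.
    issuer_verified: bool = False


F, S, SUP = Strength.FAIR, Strength.STRONG, Strength.SUPERIOR

# Each alternative is a list of slots: (minimum strength, must be issuer_verified).
RULES = {
    2: [
        ("one SUPERIOR or STRONG (issuer-verified)", [(S, True)]),
        ("two STRONG", [(S, False), (S, False)]),
        ("one STRONG plus two FAIR", [(S, False), (F, False), (F, False)]),
    ],
    3: [
        ("two SUPERIOR", [(SUP, False), (SUP, False)]),
        ("one SUPERIOR and one STRONG (issuer-verified)", [(SUP, False), (S, True)]),
        ("two STRONG and one FAIR", [(S, False), (S, False), (F, False)]),
    ],
}


def _meets(piece, slot):
    min_strength, needs_issuer = slot
    # Assumption: a stronger piece can fill a slot that asks for a weaker one.
    return piece.strength >= min_strength and (piece.issuer_verified or not needs_issuer)


def matching_rule(evidence, ial):
    """Return the label of the first combination the evidence satisfies, or None."""
    for label, slots in RULES[ial]:
        # Each piece may fill only one slot, so try every ordered assignment.
        # Evidence sets are a handful of items, so this stays cheap.
        for combo in permutations(evidence, len(slots)):
            if all(_meets(p, s) for p, s in zip(combo, slots)):
                return label
    return None


def max_evidence_ial(evidence):
    """Highest IAL whose evidence-collection rule is met (1 when neither is).

    Covers evidence collection only: validation, verification and the
    in-person / supervised-remote requirement are separate checks.
    """
    for ial in (3, 2):
        if matching_rule(evidence, ial):
            return ial
    return 1


if __name__ == "__main__":
    # Constructed sample evidence sets, not taken from any real applicant.
    samples = {
        "superior + strong": [Evidence("doc_a", SUP), Evidence("doc_b", S)],
        "strong + fair + fair": [Evidence("doc_b", S), Evidence("doc_c", F),
                                 Evidence("doc_d", F)],
        "single strong": [Evidence("doc_b", S)],
        "single strong, issuer-verified": [Evidence("doc_b", S, issuer_verified=True)],
    }
    for label, ev in samples.items():
        ial = max_evidence_ial(ev)
        rule = matching_rule(ev, ial) if ial > 1 else "no combination met"
        print(f"{label}: IAL{ial} ({rule})")
```
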
800-63-3A – Enrollment and Identity Proofing
• Strengths of Evidence (Driver’s License, SSN, Phone number, etc)
• Fair
• Unique identifier or Photo/biometric
• Strong
• Issuing source of evidence confirmed the claimed identity through written procedures
• Has its written procedures subjected to recurring oversight by regulatory or publicly
accountable institutions
• Unique identifier
• Full name match
• Photo, Biometric or existing AAL2/IAL2 service
• Superior
• Written procedures, recurring oversight, visually identified
• Unique identifier, full name match
• Photo and Biometric and protected digital information
800-63-3A – Enrollment and Identity Proofing
• Validating Identity Evidence
• Fair
• Attributes confirmed as valid by comparison to held or published issuing or authoritative
source Or
• Confirmed as genuine using appropriate technologies Or
• Confirmed as genuine by trained personnel Or
• Confirmed as genuine by confirmation of the integrity of crypto security features.
• Strong
• One of the above plus comparison with held or published information
• Superior
• All of the above.
800-63-3A – Enrollment and Identity Proofing
• Verifying Identity Evidence
• Strong
• CSP shall confirm applicant’s ownership of claimed identity by
• Physical comparison to the strongest piece of evidence Or
• Biometric comparison
• Superior
• Both
NIST 800-63-3B (Authentication and Lifecycle
Management)
• AAL 1
• Either single-factor or multi-factor authentication
• Requires claimant prove possession and control of the Authenticator
• AAL 2 (remote or in-person)
• Proof of possession and control
• Two distinct authentication factors are required
• Approved crypto techniques are required
• AAL3 (in-person or supervised remote)
• Requires proof of possession of a key through a crypto protocol
• Hardware-based authenticator and an authenticator that provides verifier impersonation
resistance
• Proof of possession and control
• Two distinct authentication factors are required
• Approved crypto techniques are required
NIST 800-63-3B (Authentication and Lifecycle
Management)
• Consistent identifier for subject and identifier
• MFA or 2 Single Factors
• Multi factor OTP device
• Multi factor Crypto device or software
• 2 single factors
• Memorized secret authenticator plus one of
• Look-up secret
• Out of band device
• Single-factor OTP device, Crypto software (FIPS 140-1) or device
• Data Retention schedule, privacy controls, etc
Assessment Process
Engage with one of the certified third-party assessors
Assessment typically begins with evidence collection and then quickly moves into analysis
Typical assessments take anywhere from 4-6 weeks
Assessment cycle is the initial full certification; followed by annual conformity reviews
Best Practices
• Understand your need for conducting the assessment
• Customer requirement
• Competitive Advantage
• Maturity Assessment
• Review the NIST 800-63-3 guidelines and Kantara materials to gauge your readiness or talk to an
assessor
• Have your documentation ready to go for the assessment
Contact Information
Raymond Kimble
Founder and CEO
Ray.Kimble@kuma.pro
Role of the Assurance Review Board in the Approval
Leif Johansson, ARB Chair
The Assurance Review Board (ARB)
● Tom Barton (InCommon/Internet2)
● Jamie Clark (OASIS)
● Nathan Faut (KPMG)
● Leif Johansson (SUNET - ARB Chair)
● David Temoshok (NIST)
● Richard Trevorah (T-Scheme)
● Ken Dagg (independent, IAWG liaison - non-voting)
● Richard Wiltshire (Zygma, technical advisor - non-voting)
The ARB scope & composition
1. Review applications and make recommendations to the Board of Directors
2. Provide oversight over the Kantara Trust Program Operations
https://kantarainitiative.org/trustoperations/arb/arb-charter/
The ARB day-to-day operations
● Meets every Monday
● Oversight and process issues are discussed by the full ARB
● Reviews are conducted by voting members in recused sessions
A typical ARB review (service)
● Service organization provides supporting documentation and review letter (KAR) produced by the designated
auditor
● ARB review normally takes 1-2 meetings - anything longer indicates a problem or clarification that needs
addressing.
● Secretariat communicates ARB questions with Service
● Issues that require more than 3-4 round-trips are typically dealt with by direct calls with Service representatives.
● ARB does an internal retrospective of reviews that have resulted in many issues and will occasionally ask the IAWG
to consider clarifications or amendments to the current SACs
A typical ARB review (assessor)
● Assessor organization provides supporting documentation and review letter
● ARB assessor review normally takes 4-5 meetings
● It is normal and expected for ARB to ask both new and returning assessors lots of clarifying questions to ensure
trust in the assessor.
How do you see Kantara's approval helping
your organization and its impact in the market?
Blake Hall, ID.me's Founder & CEO
Secure & Frictionless Authentication
July 2020 | Kantara
Networked Sites
Credential Portability
Credential Identity & Authentication
ID.me fills the trusted
and portable role
Digital Identity is Broken
Portable logins aren’t trusted and trusted logins aren’t portable
Confidential & Proprietary Information of ID.me
At the same time, identity underpins literally every transaction in society
Civic Benefits
Employment
Legal Rights
Education
Healthcare
Financial Services
Commerce
Streaming Subscriptions
Transportation
Licensing
Property
Signatures/Notarization
Advertising companies run portable logins and our thesis is users don’t, and won’t, trust them – will Facebook be the identity utility for voting?
No. They are blocked by their positioning and business model.
CONSUMER TRUST
HEALTHCARE APPS
ONLINE VOTING APPS
FINANCIAL SERVICES APPS
Kantara’s Trust Mark Enables Organizations to Rely Upon ID.me:
Enabling a standardized network for portable digital credentials
Payments Pre-Visa & MC (1958) Payments Post-Visa & MC
DRIVEN BY NEED FOR:
Trust
Branding
Ubiquity
Network
Competition
Standards
Liability Rules
FEDERAL GOVERNMENT
RETAIL & CONSUMER TECHNOLOGY
STATE AND LOCAL GOVERNMENT
HEALTHCARE & FINANCIAL SERVICES
Leading brands trust ID.me to streamline user authentication
and remove friction and fraud from their business
ID.me is the only authentication provider in the American market
that has the ability to identity proof all users via all channels
ONLINE, SELF-SERVE
IN-PERSON PROOFING
WITH TRUSTED REFEREE
Trained agent proofs user to
NIST IAL2 via video chat
User visits a healthcare facility
or tax preparer and binds the
in-person visit to a digital ID
MOST COMMON
If user hits a roadblock
verifying their identity online.
VIRTUAL IN-PERSON PROOFING VIA
VIDEO CONFERENCE CHAT WITH AN ID.ME
TRAINED CALL CENTER AGENT
RELIEF
VALVE
EXCEPTIONS OPPORTUNISTIC
Enabling all users to prove their identity online significantly reduces public
sector agencies’ total cost of ownership when online authentication fails
$54 Call Center Proofing
$89 In-Person Proofing
Source: GAO Report on Taxpayer Authentication https://www.gao.gov/assets/700/692712.pdf
Enabling Secure & Efficient
Transactions for Everyone
Goal is to increase access for
legitimate users and to reduce fraud:
Define an appropriate authentication policy based
on the transaction’s risk and regulatory requirements
Enable users to choose between a custom branded
verification path and ID.me’s interoperable network
Increase revenue and reduce fraud and operational
cost by eliminating friction
Thank You!
Blake Hall
About ID.me
ID.me is the next-generation digital identity platform that enables trusted and
convenient interactions between individuals and organizations. ID.me
provides seamless online identity verification for government, financial
services, and healthcare to facilitate access to high value services online and
keep them safe from fraud. The platform brings together best-in-class identity
and fraud vendors into a comprehensive, easy-to-deploy solution for
partners. For more information, visit www.ID.me.
Founder & CEO
O: 703-639-0052
blake@ID.me
Twitter: @blake_hall
Questions & Answers
moderated by Colin Wallis, Kantara’s Executive Director
Wrap-up
Colin Wallis, Kantara’s Executive Director
Nurture. Develop. Operate.
– that’s what we do!
Contact: Ruth Puente, Assurance Operations Director ruth@kantarainitiative.org
Website: www.kantarainitiative.org
Twitter: @KantaraNews
Newsletter sign-up: website header and footer

 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 

Kantara webinar 800 63-3 approval 2020-07-15

  • 1. What does it take to be Approved as NIST 800-63-3 conformant? WEBINAR 2020-07-15 Ethics & Conformance Trust Marked
  • 2. Agenda 1. Welcome – Colin Wallis, Kantara’s Executive Director 2. Identity Assurance Trust Framework Overview and Approval process - Ruth Puente, Kantara's Assurance Operations Director 3. Kantara Assessment - Ray Kimble, Kuma's Founder & CEO 4. Role of the Assurance Review Board in the Approval process - Leif Johansson, ARB Chair 5. How do you see Kantara's approval helping your organization and its impact in the market? - Blake Hall, ID.me's Founder & CEO 6. Q&A session moderated by Colin Wallis 7. Wrap-up by Colin Wallis
  • 3. Identity Assurance Trust Framework and Approval process Ruth Puente, Kantara's Assurance Operations Director Ethics & Conformance Trust Marked
  • 4. Kantara’s Identity Assurance Framework (IAF) • Kantara Initiative is a Trust Framework Provider since 2010, which accredits Assessors and Approves Service Providers based on the agreed Service Assessment Criteria. • Approval is based on independent third-party assessments, performed by Kantara-Accredited Assessors, of the subject services, to determine those services’ conformity to the applicable criteria. Kantara is the only organization that provides Third Party Assessment against the primary NIST standard for identity.
  • 5. Kantara Approval Processes
      • Initial Application
          • Scope
          • Application package: Statement of Criteria Applicability; Specification of a Service Subject to Assessment (S3A); Application form.
          • ARB Review
      • 3rd Party Assessment
          • Accredited Assessor conducts triennial assessment relative to appropriate Service Assessment Criteria and produces a Kantara Assessor Report (KAR).
          • Applicant works with the Assessor to address non-conforming service areas.
      • Approval Application
          • Application package following assessment and a finding of conformity: Kantara Assessor’s Report (KAR), Statement of Conformity (SoC), detailed Service Subject to Assessment (S3A) and updated application form.
          • ARB Review
      • Decision
          • ARB Recommendation
          • Board of Directors ratification of approval
          • Issuance of 3-year cycle Trust Mark; Trust Mark License Agreement
      • Surveillance
          • Annual Conformity Reviews
          • Unscheduled assessments
          • Changes that may affect approval
      https://kantarainitiative.org/trustoperations/service-provider-approval/
  • 6. Kantara Assessment Ray Kimble, Kuma's Founder & CEO Ethics & Conformance Trust Marked
  • 8. What is assessed?
      • NIST Special Publication 800-63-3A (Enrollment and Identity Proofing)
      • NIST Special Publication 800-63-3B (Authentication and Lifecycle Management)
      • NIST Special Publication 800-63-3C (Federation and Assertions)
  • 9. 800-63-3A – Enrollment and Identity Proofing
      • IAL 1
          • CSP shall not validate and verify attributes
      • IAL 2 (remote or in-person)
          • Allows for remote and in-person proofing
          • One piece of SUPERIOR or STRONG evidence OR
          • Two pieces of STRONG evidence OR
          • One piece of STRONG evidence plus two pieces of FAIR evidence
      • IAL 3 (in-person or supervised remote)
          • Two pieces of SUPERIOR evidence OR
          • One piece of SUPERIOR evidence and one piece of STRONG OR
          • Two pieces of STRONG and one piece of FAIR evidence
  • 10. 800-63-3A – Enrollment and Identity Proofing
      • Strengths of Evidence (Driver’s License, SSN, Phone number, etc.)
      • Fair
          • Unique identifier or Photo/biometric
      • Strong
          • Issuing source of evidence confirmed the claimed identity through written procedures
          • Has its written procedures subjected to recurring oversight by regulatory or publicly accountable institutions
          • Unique identifier
          • Full name match
          • Photo, Biometric or existing AAL2/IAL2 service
      • Superior
          • Written procedures, recurring oversight, visually identified
          • Unique identifier, full name match
          • Photo and Biometric and protected digital information
  • 11. 800-63-3A – Enrollment and Identity Proofing
      • Validating Identity Evidence
      • Fair
          • Attributes confirmed as valid by comparison to held or published issuing or authoritative source Or
          • Has been confirmed as genuine using appropriate technologies Or
          • Confirmed as genuine by trained personnel Or
          • Confirmed as genuine by confirmation of the integrity of crypto security features.
      • Strong
          • One of the above plus comparison with held or published information
      • Superior
          • All of the above.
  • 12. 800-63-3A – Enrollment and Identity Proofing
      • Verifying Identity Evidence
      • Strong
          • CSP shall confirm applicant’s ownership of claimed identity by
              • Physical comparison to the strongest piece of evidence Or
              • Biometric comparison
      • Superior
          • Both
  • 13. NIST 800-63-3B (Authentication and Lifecycle Management)
      • AAL 1
          • Either single-factor or multi-factor authentication
          • Requires claimant prove possession and control of the Authenticator
      • AAL 2 (remote or in-person)
          • Proof of possession and control
          • Two distinct authentication factors are required
          • Approved crypto techniques are required
      • AAL 3 (in-person or supervised remote)
          • Requires proof of possession of a key through a crypto protocol
          • Hardware-based authenticator and an authenticator that provides verifier impersonation resistance
          • Proof of possession and control
          • Two distinct authentication factors are required
          • Approved crypto techniques are required
  • 14. NIST 800-63-3B (Authentication and Lifecycle Management)
      • Consistent identifier for subject and identifier
      • MFA or 2 Single Factors
          • Multi factor OTP device
          • Multi factor Crypto device or software
          • 2 single factors
              • Memorized secret authenticator plus one of
                  • Look-up secret
                  • Out of band device
                  • Single-factor OTP device, Crypto software (FIPS 140-1) or device
      • Data Retention schedule, privacy controls, etc.
  • 15. Assessment Process
      • Engage with one of the certified third-party assessors
      • Assessment typically begins with evidence collection and then quickly moves into analysis
      • Typical assessments take anywhere from 4-6 weeks
      • Assessment cycle is the initial full certification, followed by annual conformity reviews
  • 16. Best Practices
      • Understand your need for conducting the assessment
          • Customer requirement
          • Competitive Advantage
          • Maturity Assessment
      • Review the NIST 800-63-3 guidelines and Kantara materials to gauge your readiness or talk to an assessor
      • Have your documentation ready to go for the assessment
  • 17. Contact Information: Raymond Kimble, Founder and CEO, Ray.Kimble@kuma.pro
  • 18. Role of the Assurance Review Board in the Approval Leif Johansson, ARB Chair Ethics & Conformance Trust Marked
  • 19. The Assurance Review Board (ARB) ● Tom Barton (InCommon/Internet2) ● Jamie Clark (OASIS) ● Nathan Faut (KPMG) ● Leif Johansson (SUNET - ARB Chair) ● David Temoshok (NIST) ● Richard Trevorah (T-Scheme) ● Ken Dagg (independent, IAWG liaison - non-voting) ● Richard Wiltshire (Zygma, technical advisor - non-voting)
  • 20. The ARB scope & composition 1. Review applications and make recommendations to the Board of Directors 2. Provide oversight over the Kantara Trust Program Operations https://kantarainitiative.org/trustoperations/arb/arb-charter/
  • 21. The ARB day-to-day operations ● Meets every Monday ● Oversight and process issues are discussed by the full ARB ● Reviews are conducted by voting members in recused sessions
  • 22. A typical ARB review (service) ● Service organization provides supporting documentation and review letter (KAR) produced by the designated auditor ● ARB review normally takes 1-2 meetings - anything longer indicates a problem or clarification that needs addressing. ● Secretariat communicates ARB questions with Service ● Issues that require more than 3-4 round-trips are typically dealt with by direct calls with Service representatives. ● ARB does an internal retrospective of reviews that have resulted in many issues and will occasionally ask the IAWG to consider clarifications or amendments to the current SACs
  • 23. A typical ARB review (assessor) ● Assessor organization provides supporting documentation and review letter ● ARB assessor review normally takes 4-5 meetings ● It is normal and expected for ARB to ask both new and returning assessors lots of clarifying questions to ensure trust in the assessor.
  • 24. How do you see Kantara's approval helping your organization and its impact in the market? Blake Hall, ID.me's Founder & CEO Ethics & Conformance Trust Marked
  • 25. Secure & Frictionless Authentication July 2020 | Kantara
  • 26. Digital Identity is Broken: Portable logins aren’t trusted and trusted logins aren’t portable. ID.me fills the trusted and portable role. [Diagram labels: Networked Sites, Credential Portability, Credential, Identity & Authentication] Confidential & Proprietary Information of ID.me
  • 27. At the same time, identity underpins literally every transaction in society: Civic Benefits Employment Legal Rights Education Healthcare Financial Services Commerce Streaming Subscriptions Transportation Licensing Property Signatures/Notarization
  • 28. Advertising companies run portable logins and our thesis is users don’t, and won’t, trust them – will Facebook be the identity utility for voting? No. They are blocked by their positioning and business model. CONSUMER TRUST: HEALTHCARE APPS, ONLINE VOTING APPS, FINANCIAL SERVICES APPS
  • 29. Kantara’s Trust Mark Enables Organizations to Rely Upon ID.me: Enabling a standardized network for portable digital credentials. Payments Pre-Visa & MC (1958); Payments Post-Visa & MC. DRIVEN BY NEED FOR: Trust Branding Ubiquity Network Competition Standards Liability Rules
  • 30. FEDERAL GOVERNMENT RETAIL & CONSUMER TECHNOLOGY STATE AND LOCAL GOVERNMENT HEALTHCARE & FINANCIAL SERVICES. Leading brands trust ID.me to streamline user authentication and remove friction and fraud from their business
  • 31. ID.me is the only authentication provider in the American market that has the ability to identity proof all users via all channels ONLINE, SELF-SERVE IN-PERSON PROOFING WITH TRUSTED REFEREE Trained agent proofs user to NIST IAL2 via video chat User visits a healthcare facility or tax preparer and binds the in-person visit to a digital ID MOST COMMON If user hits a roadblock verifying their identity online. VIRTUAL IN-PERSON PROOFING VIA VIDEO CONFERENCE CHAT WITH AN ID.ME TRAINED CALL CENTER AGENT RELIEF VALVE EXCEPTIONS OPPORTUNISTIC
  • 32. Enabling all users to prove their identity online significantly reduces public sector agencies’ total cost of ownership when online authentication fails. $54 Call Center Proofing; $89 In-Person Proofing. Source: GAO Report on Taxpayer Authentication https://www.gao.gov/assets/700/692712.pdf
  • 33. Enabling Secure & Efficient Transactions for Everyone
      • Goal is to increase access for legitimate users and to reduce fraud:
          • Define an appropriate authentication policy based on the transaction’s risk and regulatory requirements
          • Enable users to choose between a custom branded verification path and ID.me’s interoperable network
          • Increase revenue and reduce fraud and operational cost by eliminating friction
  • 34. Thank You! Blake Hall About ID.me ID.me is the next-generation digital identity platform that enables trusted and convenient interactions between individuals and organizations. ID.me provides seamless online identity verification for government, financial services, and healthcare to facilitate access to high value services online and keep them safe from fraud. The platform brings together best-in-class identity and fraud vendors into a comprehensive, easy-to-deploy solution for partners. For more information, visit www.ID.me. Founder & CEO O: 703-639-0052 blake@ID.me Twitter: @blake_hall
  • 35. Questions & Answers moderated by Colin Wallis, Kantara’s Executive Director Ethics & Conformance Trust Marked
  • 36. Wrap-up Colin Wallis, Kantara’s Executive Director Ethics & Conformance Trust Marked
  • 37. Nurture. Develop. Operate. – that’s what we do! Contact: Ruth Puente, Assurance Operations Director ruth@kantarainitiative.org Website: www.kantarainitiative.org Twitter: @KantaraNews Newsletter sign-up: website header and footer Ethics & Conformance Trust Marked
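
The evidence combinations listed on slide 9, worked as an added Python example for readiness checks; it is not part of the webinar deck or of Kantara's criteria. Two assumptions go beyond the slide: a stronger piece of evidence may stand in for a weaker requirement, and the single-piece IAL 2 rule and the SUPERIOR-plus-STRONG IAL 3 rule carry the SP 800-63A condition that the issuing source itself collected two or more SUPERIOR or STRONG pieces and the CSP validated the evidence directly with it (the hypothetical `issuer_confirmed` flag).

```python
from dataclasses import dataclass

# Evidence strengths from slide 9, weakest to strongest.
RANK = {"FAIR": 1, "STRONG": 2, "SUPERIOR": 3}


@dataclass(frozen=True)
class Evidence:
    name: str
    strength: str  # "FAIR", "STRONG" or "SUPERIOR"
    # Hypothetical flag (assumption, see lead-in): the issuing source collected
    # two or more SUPERIOR/STRONG pieces and the CSP validated directly with it.
    issuer_confirmed: bool = False


def covers(evidence, required):
    """True if distinct pieces can be matched to every required strength.
    Assumption: a stronger piece may fill a weaker slot. Sorting both sides
    strongest-first and comparing pairwise is then a complete check.
    """
    have = sorted((RANK[e.strength] for e in evidence), reverse=True)
    need = sorted((RANK[s] for s in required), reverse=True)
    return len(have) >= len(need) and all(h >= n for h, n in zip(have, need))


def issuer_rule(evidence, companions=()):
    """One issuer-confirmed piece of at least STRONG, plus companion pieces."""
    for i, e in enumerate(evidence):
        if e.issuer_confirmed and RANK[e.strength] >= RANK["STRONG"]:
            if covers(evidence[:i] + evidence[i + 1:], companions):
                return True
    return False


def evidence_ial(evidence):
    """Highest IAL whose evidence-combination rule is met, and which rule.
    Covers evidence strength only; validation, verification and the proofing
    channel are separate requirements.
    """
    evidence = list(evidence)
    rules = [
        (3, "two SUPERIOR", covers(evidence, ["SUPERIOR", "SUPERIOR"])),
        (3, "SUPERIOR + issuer-confirmed STRONG", issuer_rule(evidence, ["SUPERIOR"])),
        (3, "two STRONG + one FAIR", covers(evidence, ["STRONG", "STRONG", "FAIR"])),
        (2, "one issuer-confirmed SUPERIOR or STRONG", issuer_rule(evidence)),
        (2, "two STRONG", covers(evidence, ["STRONG", "STRONG"])),
        (2, "one STRONG + two FAIR", covers(evidence, ["STRONG", "FAIR", "FAIR"])),
    ]
    for level, label, met in rules:
        if met:
            return level, label
    return 1, "no combination met (IAL 1 requires no evidence)"


# Constructed sample inputs; the strength labels are illustrative only.
DOC_A = Evidence("doc_a", "SUPERIOR")
DOC_B = Evidence("doc_b", "STRONG")
DOC_C = Evidence("doc_c", "FAIR")
DOC_D = Evidence("doc_d", "STRONG", issuer_confirmed=True)

if __name__ == "__main__":
    for bundle in ([DOC_B], [DOC_D], [DOC_A, DOC_B], [DOC_A, DOC_B, DOC_C], [DOC_A, DOC_D]):
        print([e.name for e in bundle], "->", evidence_ial(bundle))
```

A single STRONG document without the issuer condition stays at IAL 1 here, which is the case the slide's shorthand "one piece of SUPERIOR or STRONG evidence" does not spell out.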

Editor's Notes

  1. Topics include: gain understanding of Facial Recognition Technology and how it is used by government and companies; discuss concerns about both intended and unanticipated consequences of FRT, including government surveillance and racial/ethnic profiling; learn how government agencies are taking strides to balance the benefits of FRT with ensuring the protection of individuals' data and rights.