| TD: IDEF Third-Party Compliance

IDEF Third-Party Compliance, v1.0

Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement INTEROP-6: THIRD-PARTY COMPLIANCE.

Assessment Step

1 Third-Party Compliance (Third-PartyCompliance) Does the entity conduct digital identity management functions in a manner such that all of its third-party service providers comply with each of the applicable IDESG Baseline Requirements that apply to the entity? In this context, the term "third-party service provider" refers to third-parties that an assessed entity outsources or delegates to perform digital identity management functions on behalf of the assessed entity. Third-party service providers can include cloud computing service providers, federation operators, and others. Indicate "Not Applicable" (N/A) if the entity does not outsource or delegate any of its digital identity management functions or transactions to third-party service proviers. Artifact A1 Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.

Conformance Criteria (1)

Third-Party Compliance Entities that act as third-party service providers for another entity, in conducting digital identity management functions, must comply with each of the applicable IDESG Baseline Requirements that apply to that other entity and those relevant functions. Citation IDEF Page 6

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://artifacts.trustmarkinitiative.org/lib/tds/idef-third-party-compliance/1.0/

Publication Date

2018-10-01

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

Trustmark Support

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

IDEF, Compliance, Interoperability, Intermediaries, Transaction, Third-Parties

Issuance Criteria

no(NONE)

Target Recipient

Entities that want to participate in the Identity Ecosystem and demonstrate satisfaction of baseline identity service requirements and best practices such as those defined by the Identity Ecosystem Framework (IDEF) 1.0.

Legal Notice

This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

IDEF	Identity Ecosystem Steering Group. Identity Ecosystem Framework (IDEF) Baseline Functional Requirements v1.0 with Supplemental Guidance. Approved on 15 Oct 2015. https://www.idesg.org/portals/0/documents/core/IDEF-Baseline-Requirement-v1.0-with-Supplemental-Guidance_MOD.pdf.

Terms (4)

Term Name	Abbreviations	Definition
Digital Identity Management Function		Any of the functions described in the IDESG Functional Model (registration, credentialing, authentication, authorization, and intermediation), which also encompass enrollment, identity proofing, identity vetting, access control, attribute management, transaction processing, and identity data maintenance.
Entity		Any organization providing identity services.
Identity Ecosystem Framework	IDEF	The overarching set of policies, best practices and standards that serve as the policy foundation for the Identity Ecosystem.
Identity Ecosystem Steering Group	IDESG	A voluntary, public-private partnership dedicated to developing an Identity Ecosystem Framework (IDEF) and services to better online digital identity. The IDESG looks to advance the Identity Ecosystem called for in the National Strategy for Trusted Identities in Cyberspace (NSTIC).

Also available as XML or JSON