Trustmark Definition Name | Version |
---|---|
Credential Service Providers must protect the PII collected during the enrollment process to ensure confidentiality, integrity, and attribution of the information. | 1.0 |
Credential Service Providers must have easy to find and use mechanisms in place to assist applicants when problems arise during identity proofing. These mechanisms should be evaluated for their efficacy. | 1.0 |
Credential Service Providers should define within their lifecycle policy a schedule for re-proofing refereed subscribers. | 1.0 |
Credential Service Providers that accept applications from minors under the age of 13 must adhere to Children's Online Privacy Protection Act (COPPA) and other laws as applicable. | 1.0 |
Credential Service Providers engaging in remote identity proofing must ensure biometric data is collected in a supervised manner to ensure it is legitimate and for the applicant. | 1.0 |
Credential Service Providers must identity proof trusted referees at the same identity assurance level as applicants, and must determine a minimum evidence set required to bind the referee and applicant. | 1.0 |
Credential Service Providers engaging in unsupervised remote identity proofing must verify the applicant's address. | 1.0 |
Credential Service Providers must use an authenticated and protected channel for identity proofing transactions involving third parties. | 1.0 |
Credential Service Providers should use fraud mitigation measures to increase confidence during identity proofing. These fraud mitigation measures must undergo risk assessments properly documenting all mitigations. | 1.0 |
Credential Service Providers must have a written policy and/or procedure describing how a trusted referee is determined and describing the lifecycle by which they retain their status. | 1.0 |
Credential Service Providers must have a written policy or practice statement that details the identity proofing and enrollment processes that they perform. | 1.0 |
Credential Service Providers must maintain audit logs recording all steps taken to verify the identity of applicants. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement USABLE-5: ACCESSIBILITY. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement INTEROP-8: ACCOUNTABILITY. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-12: ANONYMITY. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-3: ATTRIBUTE MINIMIZATION. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-15: ATTRIBUTE SEGREGATION. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement SECURE-9: AUTHENTICATION RISK ASSESSMENT. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-13: CONTROLS PROPORTIONATE TO RISK. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement SECURE-5: CREDENTIAL ISSUANCE. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-4: CREDENTIAL LIMITATION. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement SECURE-4: CREDENTIAL PROTECTION. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement SECURE-3: CREDENTIAL REPRODUCTION. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement SECURE-6: CREDENTIAL UNIQUENESS. | 1.0 |
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-5: DATA AGGREGATION RISK. | 1.0 |