FICAM TFP-Certified CSP - LOA 2, v1.0

This trustmark indicates identity LOA 2 certification by a TFP approved under the FICAM TFS initiative.

Assessment Step

1
FICAM TFP Certification Assessment (FICAMTFPCertificationAssessment)

Has the CSP been certified at LOA 2 by a TFP that has been approved under the FICAM TFS initiative at LOA 2? Provide evidence of the certifying TFP's approval under the FICAM TFS initiative at LOA 2. Provide evidence of the TFP's certification of the CSP at LOA 2.

Artifacts
FICAM TFS Approval of TFP

Evidence of the certifying TFP's approval under the FICAM TFS initiative at LOA 2.

TFP Certification of CSP

Evidence of the TFP's certification of the CSP at LOA 2.

Conformance Criteria (1)

FICAM TFP Certification

The CSP MUST be certified at LOA 2 by a TFP that has been approved under the FICAM TFS initiative at LOA 2.

Citation
TFPAP LOA 2
Authentication Process Table, Item 1

Metadata

Publication Date 2017-05-18
Trustmark Reference Attribute https://artifacts.trustmarkinitiative.org/lib/trustmark-definitions/ficam-tfp-certified-csp-loa-2/1.0//trustmark-reference/
Issuing Organization No Responder support@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords FICAM, FICAM TFS, CSP, Credential Service Provider, IDP, Identity Provider, LOA 2, Level of Assurance 2
Supersedes
Issuance Criteria yes(ALL)
Target Stakeholder Organizations that have a vested interest in the U.S. Federal Identity, Credential, and Access Management (FICAM) program and its technical specifications.
Target Recipient Credential Service Providers that wish to provide their users with access to Relying Party services offered by U.S. federal government agencies and other organizations that have adopted the FICAM SAML SSO Profile.
Target Relying Party Relying Parties that wish to conform to the FICAM SAML SSO Profile and/or interoperate with Identity Providers that conform to the FICAM SAML SSO Profile.
Target Provider Trust Framework Providers (TFPs) that are approved under the FICAM TFS program.
Provider Eligibility Criteria Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.
Assessor Qualifications Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.
Trustmark Revocation Criteria For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.
Extension Description This Trustmark Definition requires no extension data.
Legal Notice This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (3)

SP 800-63-2 NIST SP 800-63-2: Electronic Authentication Guideline, August, 2013
OMB M-04-04 Office of Management and Budget Memorandum M-04-04, December 16, 2003
TFPAP LOA 2 FICAM TFS Trust Framework Provider Adoption Process for All Levels of Assurance, v2.0.2, March 14, 2014, Appendix A-2: Assurance Level 2

Terms (13)

Term Name Abbreviations Definition
credential service provider CSP

An entity that issues or registers subscriber tokens and issues credentials to subscribers (i.e., a CSP conducts the issuance process). A CSP may encompass RAs and verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.

Federal Identity, Credential, and Access Management Trust Framework Solutions FICAM TFS

The Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions (TFS) program is the federated identity framework for the U.S. Federal Government. It includes guidance, processes, and supporting infrastructure to enable secure and streamlined citizen and business facing online service delivery.

Identity, Credential, and Access Management ICAM

A federal program that focuses on addressing challenges, pressing issues, and design requirements for digital identity, credential, and access management and defining and promoting consistency across approaches for implementing ICAM programs as reflected in the FICAM Roadmap & Implementation Guidance.

Identity, Credential, and Access Management Sub-Committee ICAMSC

A committee established in 2008 under the Federal CIO Council's Information Security and Identity Management Committee (ISIMC) and tasked with aligning the identity management activities of the Federal Government.

level of assurance LOA

The degree of confidence in the vetting process used to establish the identity of an individual to whom the credential was issued and the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. Also, see the use of assurance in [OMB M-04-04].

LOA 1

level of assurance 1. As defined in [OMB M-04-04], LOA 1 means "Little or no confidence in an asserted identity's validity". This is in contrast to levels 2, 3, and 4, which mean "some", "high", and "very high", respectively, in regards to assurance in an asserted identity's validity.

LOA 2

level of assurance 2. As defined in [OMB M-04-04], LOA 2 means "Some confidence in an asserted identity's validity". This is in contrast to levels 1, 3, and 4, which mean "little or no", "high", and "very high", respectively, in regards to assurance in an asserted identity's validity.

LOA 3

level of assurance 3. As defined in [OMB M-04-04], LOA 3 means "high confidence in an asserted identity's validity". This is in contrast to levels 1, 2, and 4, which mean "little or no", "some", and "very high", respectively, in regards to assurance in an asserted identity's validity.

LOA 4

level of assurance 4. As defined in [OMB M-04-04], LOA 4 means "very high confidence in an asserted identity's validity". This is in contrast to levels 1, 2, and 3, which mean "little or no", "some", and "high", respectively, in regards to assurance in an asserted identity's validity.

NIST

National Institute of Standards and Technology.

OMB

United States Office of Management and Budget.

relying party RP

An entity that relies upon a subscriber's credentials or verifier's assertion of an identity, typically to process a transaction or grant access to an information system.

TFPAP

Trust Framework Provider Adoption Process, v2.0.2. See [TFPAP].
