For the first time since the inception of the Program in 2009, we are releasing a comprehensive update to the Program to incorporate Agency implementation feedback, ongoing lessons learned regarding the operational needs of shared service initiatives such as the Federal Cloud Credential Exchange (FCCX), as well as updates made as a result of changes in the private sector marketplace of identity services.
The FICAM Trust Framework Solutions Overview provides a holistic overview of the FICAM TFS Program:
- Description of the components that make up the TFS Program
- The TFS role in supporting Government-wide policy and National Strategy implementations
- TFS and its implementation by Government Agencies
- TFS fast-track process for Financial Institutions required to implement a Customer Identification Program by Government regulators
- Relationship to the FICAM Testing Program for on-premise vendor solutions that implement FICAM protocol profiles
The components of the FICAM TFS Program are:
- The Trust Framework Provider Adoption Process for All Levels of Assurance describes the process by which the TFS Program evaluates and adopts commercial Trust Frameworks for use by the U.S. federal government
  - Overview of the Trust Framework Adoption Process
  - Incorporation of the privacy trust criteria into the Trust Framework adoption process
  - Updated trust criteria to incorporate NIST SP-800-63-2
  - Streamlined LOA 1 Trust Criteria
  - Introduction of ongoing verification as an OPTIONAL trust criterion
  - Support for Component Identity Services, and associated standardized terminology
  - TFS Program's relationship to entities (CSPs etc.) that are assessed and evaluated by an adopted Trust Framework Provider
- The Authority To Offer Services (ATOS) for FICAM TFS Approved Identity Services makes explicit the requirements that identity services need to satisfy in order to offer their services to the U.S. federal government
  - Clarification of approval decision authority of the FICAM TFS Program
  - Explicit testing and verification of service interfaces to assure conformance to approved protocols and profiles
  - Requirement to implement tested interfaces by the solution provider when offering the service to Government
  - Standards-based attribute requirements to enable identity resolution by Government relying parties at LOA 2 and greater
- The Identity Scheme and Protocol Profile Adoption Process describes the process by which protocol profiles are created, adopted and used by the government to ensure that the RP application and the CSP communicate in a secure, interoperable and reliable manner
  - Updated to allow the flexibility for Government to adopt protocol profiles created by industry, provided they meet Government needs for security, privacy and interoperability
  - Standardized assurance level URIs for use in protocol profiles
- The Relying Party Guidance for Accepting Externally Issued Credentials provides guidance to Agencies on leveraging federated identity technologies to accept externally issued credentials
- The E-Governance Trust Services Certificate Authority provides a certificate issuance capability that supports the federated identity use cases of Agencies that require endpoint and message level protections
- The E-Governance Trust Services Metadata Services (EGTS Metadata Services), once implemented and made available, provides a trusted mechanism for the collection and distribution of metadata to enable identity federation capabilities
UPDATE 2/7/2014: The updates to the FICAM TFS have been finalized and are now available.
- FICAM Trust Framework Solutions Overview
- Trust Framework Provider Adoption Process for All Levels of Assurance
- Authority To Offer Services (ATOS) for FICAM TFS Approved Identity Services
- Identity Scheme and Protocol Profile Adoption Process
- Relying Party Guidance for Accepting Externally Issued Credentials
- E-Governance Trust Services Certificate Authority
by Anil John
Program Manager, FICAM Trust Framework Solutions