TMCnet News

ID.me Becomes First Identity Provider to Be Approved as NIST 800-63-3 Conformant
[August 16, 2018]


ID.me, the next generation identity platform, is announcing today that it has been granted Approval by the Kantara Initiative's Board of Directors as a full Credential Service Provider conformant to NIST's recently issued Special Publication (SP) 800-63-3 guidelines at Identity Assurance Level 2 (IAL2) and Authenticator Assurance Level 2 (AAL2). ID.me is the first Credential Service Provider to be recognized under Kantara's new NIST 800-63 rev.3 Class of Approval, reinforcing ID.me's leading place in the identity ecosphere. Kantara is the leading global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice.

In addition to the NIST 800-63-3 IAL2 / AAL2 ID.me-branded credentialing service available today, ID.me will extend its IAL2 / AAL2 infrastructure to government agencies and healthcare organizations as a white label service, starting in 2019.

The new NIST digital identity guidelines are vital for security, citizen access and interoperability across government and healthcare. Federal agencies are expected to meet the requirements of, and be in compliance with, the new NIST guidelines for all new and existing citizen-facing applications that require a high degree of trust. In healthcare, the Drug Enforcement Administration (DEA) requires NIST 800-63 compliant credentials for healthcare providers to electronically prescribe controlled substances. Moreover, the U.S. Department of Health and Human Services (HHS) is working on the Trusted Exchange Framework and Common Agreement set for publication in late 2018 to define standards for interoperability between healthcare systems. The Trusted Exchange Framework recommends the adoption of NIST 800-63-3 IAL2 / AAL2 identity guidelines for patient portals.

"The opioid crisis and a growing demand for patient-directed data exchange have created a perfect storm for trusted digital identity in healthcare. Securing the identities of prescribing physicians and the patients they treat is a critical step in fighting the opioid crisis, controlling costs and creating efficiencies in healthcare," said Blake Hall, ID.me CEO. "With requirements like 800-63-3, the industry can trust a shared login service so users can bring their identity and data with them across websites without having to take the time-consuming and frustrating steps to re-verify their identity at each new site."

ID.me is simplifying how individuals securely prove and share their identity online. The company is building a digital identity network where users verify their identity once and never have to re-verify their identity again across any organization where ID.me is accepted -- mimicking the role of their driver's license in the physical world.

"ID.me achieved a significant industry milestone and competitive advantage by becoming the first company to earn approval from Kantara Initiative as a Credential Service Provider conformant to the NIST 800-63-3 Digital Identity Guidelines," said Colin Wallis, executive director, Kantara Initiative. "Kantara is the world's premier US Federal Trust Framework Provider as part of its mission to improve the trustworthy use of identity and personal data for people to regain control in a secure, privacy-enabled connected world."



NIST published SP 800-63-3 on June 22, 2017, outlining new identity management and digital authentication standards required to issue a secure and trusted digital credential. NIST organized credentialing guidelines around component steps with IAL2 and AAL2 replacing the previous SP 800-63-2 Level of Assurance (LoA) 3 requirements. ID.me's new Approval is in addition to ID.me's current Approval as a Credential Service Provider at LoAs 1, 2, and 3. ID.me currently boasts the highest LoA 3 identity verification success rates in the industry - enabling government agencies to deliver high-value services to citizens online at scale. ID.me's high verification success rate is a result of the company's next generation identity platform that connects to multiple authoritative databases and a focus on enabling access pathways for all demographics.

Under the new guidelines, NIST no longer accepts knowledge-based authentication (KBA) as a free-standing method to complete online identity-proofing. Large-scale data breaches have compromised the static identifiers and passwords of millions of Americans. Since the secret knowledge KBA relied upon is easily found or bought on the dark web, NIST is moving away from KBA in favor of possession-based methods of authentication. The guidelines also require strong identifiers such as driver's licenses and passports to be paired with selfies to prevent criminals from using stolen documents to claim another person's identity online.


"To provide best-in-class capabilities to our partners, it's essential to stay up to date with the industry's strictest standards," said Mike Brown, CTO of ID.me. "Our platform has been accredited by the General Services Administration under the previous NIST requirements (800-63-2) since 2014. We are proud to be on the leading edge with the adoption of the new 800-63-3 guidelines and stand ready to help our federal and healthcare partners modernize their digital identity systems."

About ID.me

ID.me is the next-generation digital identity platform that provides for trusted and convenient interactions between individuals and organizations. Government agencies and commercial partners use ID.me for online identity proofing and authentication to ensure their platforms and users are protected from fraud and identity theft.

ID.me's identity platform meets the highest standards for online identity proofing and authentication, without compromising access for hard-to-identify groups. The federally-accredited platform uses a combination of remote verification of physical IDs, mobile network operator data, fraud algorithms, and FIDO U2F capabilities to securely verify a user's identity.

ID.me currently supports more than 200 partners, including federal and state agencies, healthcare organizations, financial institutions, nonprofits, and retailers. For more information, visit www.id.me.

About Kantara Initiative

Kantara Initiative is an ethics-based, mission-led non-profit organization passionate about giving control of data back to people. It provides real-world innovation and development of specifications and conformity assessment programs for the digital identity and personal data ecosystems. Beyond its flagship eID-assisting Identity Assurance Trust Framework, developing initiatives including Identity Relationship Management, User Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and the Consent Receipt, Kantara Initiative connects a global, open, and transparent leadership community, including CA Technologies, digi.me, Experian, ForgeRock, the Internet Society, and SecureKey Technologies. More information is available at https://kantarainitiative.org/.

Follow Kantara Initiative on Twitter -- @KantaraNews

