This is a point update that does not change any of the existing TFP processes but instead:
- Acknowledges an existing internal Government process in order to recognize non-federally issued PKI providers, who are cross-certified with the Federal Bridge, as approved Credential Service Providers under the FICAM Trust Framework Solutions umbrella.
- Incorporates the Trust Framework Solutions (TFS) "branding" under FICAM.
The FICAM Trust Framework Solutions (TFS) covers remote electronic authentication of human users to IT systems over a network. It does not address the authentication of a person who is physically present.
The TFS is inclusive of externally issued PKI and non-PKI credentials at OMB Levels of Assurance 1, 2, 3 and 4:
- For PKI-based credentials, the TFS recognizes the Federal PKI Policy Authority (FPKIPA) as a TFS-approved Trust Framework Provider and will rely on its proven criteria and methodology for non-Federally issued PKI credentials.
- For non-PKI credentials, each Identity Provider and TFP must demonstrate trust comparable to each of five categories (registration and issuance, tokens, token and credential management, authentication process, and assertions) for each Level of Assurance at which it wishes its credentials to be trusted by government applications (including physical access control systems).
The other point to note is the establishment of the Trust Framework Solutions "branding" under FICAM to acknowledge the C2G and B2G aspects that FICAM is responsible for (FICAM in the Federal Government covers areas beyond C2G and B2G). At a high level, we are bucketing the C2G and B2G pieces under the TFS umbrella and are expecting the TFS, in the near term, to "own" the:
- Trust Framework Provider Adoption Process (TFPAP)
- The Relying Party Guidance on Accepting Externally Issued Credentials (currently under internal review)
- FICAM TFS Trust Mark (Future)