
TFTM Deliverable 01-06: 2014 Self Assessment and Attestation Program Discussion Deck

TFTM Committee

June 25, 2014

IDESG TFTM Committee

Meeting Agenda

  • 2014 Compliance and Conformance Program Goal
  • Meeting Objectives
  • Why Self-attestation?
  • Process and Components
  • Deliverables
  • Next Steps


Today’s Meeting Objectives

  • Discuss the 2014 IDESG self assessment and attestation compliance program
  • Identify program components
  • Identify potential deliverables


Why Self-assessment and Attestation?

  • Cost effective
    • For both IDESG and participants
  • Resource light
    • For both IDESG and participants
  • Can be implemented quickly
    • We are already halfway through 2014
  • Provides moderate assurance that participants are operating according to established requirements, guidance, rules, etc.
  • Most realistic option for 2014
  • Logical first step in the phased implementation of a compliance program
    • CSA and other organizations have implemented similar phased approaches


2014 TFTM Compliance and Conformance Goal

  • Establish a self assessment and attestation compliance program for the Identity Ecosystem.
    • TFTM consensus decision made on 28 May 2014
    • In the future, additional types of conformance will be built upon the self-attestation program

Future Compliance Approaches


IDESG Conformance Assessment Program (diagram)

  • NSTIC and IDESG Guiding Principles
  • Security, Privacy, Usability, Interop., Other
  • IE Framework Requirements and Assessment Procedures
  • Self-Assessment (2014)
    • Self-Assessment Criteria/Questionnaire
    • Conformance Self-Attestation
  • 3rd-Party Conformance Assessment (2015+)


Process & Components

  • What do we need for a functional self-assessment and attestation program?
  • Each step in the process will require a set of defined procedures (internal and external) and owners to ensure an efficient program
  • A clear, overall process flow should be developed once the processes and components have been identified and agreed to by the TFTM


Process and Components

  • The process through which identity ecosystem participants request to be recognized through the self-assessment and attestation conformance program
  • May be an automated or manual procedure
    • Web form
    • Emailed/downloaded PDF
  • Application should contain sufficient info to confirm “Bona Fides” of applying organizations
    • Legitimate service provider in IE – e.g., IE role/service description
    • Other certifications (e.g., CSA STAR, PCI DSS, FICAM), DUNS number, etc.
  • Ownership for collecting applications and supporting documents will need to be assigned to an appropriate entity in IDESG
    • E.g., Secretariat, TFTM sub-committee, etc.
  • Potential deliverables/documentation:
    • IDESG Application Template and Guide
    • Bona Fides information requirements


Process and Components

  • Process by which applicants determine conformance with appropriate IDESG requirements
  • Needs a clear, standardized format for expressing applicable requirements
    • E.g., clear criteria, self-assessment questionnaire
  • Needs an identified owner in IDESG for collecting and managing assessment template submissions
    • May be the Secretariat or a TFTM sub-committee
    • Need to review for completeness and appropriateness of submissions
  • Dependent upon committee requirements development
    • TFTM development of a requirements template may assist committees in their own requirements development
  • Potential deliverables/documentation:
    • Conformance Criteria/Questionnaire


Process and Components

  • Means to formally bind applicants to the information provided in the self-assessment form
  • Needs a standardized format with appropriate legal language/review
  • Ownership
    • May be the Secretariat or a TFTM sub-committee
  • Potential deliverables/documentation:
    • Attestation Forms/Guide


Process and Components

  • IDESG due diligence and confirmation that all necessary and appropriate information has been received from an applicant.
    • Results in a recommendation for acceptance of the self-attestation
  • At a minimum, should ensure that the proper documents have been fully and appropriately completed
    • Application (Bona fides check)
    • Self-assessment forms
    • Conformance Attestation
  • Ownership
    • Responsibility for recommendations for approval should rest with an IDESG entity, e.g., TFTM, a TFTM sub-committee, or the Management Council/sub-committee
    • Similarly, responsibility for formal approval should rest with an IDESG entity
  • Potential deliverables/documentation:
    • Approval process description and policy


Process and Components

  • Process through which IDESG approval of an ecosystem participant’s self-assessment and attestation is publicly represented
    • Expresses conformance with IDESG requirements to other ecosystem participants and the general public
  • Multiple means to express conformance
    • Certificate – a formal certification issued by IDESG
    • Trustmark – a visual/electronic symbol that is licensed for use/display by approved service providers and ecosystem participants
    • Registry or “Trust” List – an IDESG-hosted site that lists approved service providers and approved ecosystem participants
  • These options will be explored more fully in future discussions…
  • Deliverables/Documents
    • Recognition Approach


Process and Components

  • Process by which the IDESG confirms continued compliance with IDESG requirements and rules.
  • Could be:
    • Re-assessment and attestation after a set period
    • Updated attestation of continued compliance
  • The initial process should be stated up front as part of the 2014 attestation process and documents
    • Could be expressed as an “expiration” or renewal date (e.g., annual, bi-annual)
  • Deliverables/Documents
    • Ongoing compliance approach (may be included in attestation guidance)


Potential TFTM Deliverables

  • Application Template
  • Bona Fides Requirements
  • Self Assessment Form/Template
    • Conformance Criteria, Compliance Questionnaire or something similar
  • Attestation Forms/Documentation
  • Approval Process Description and Policy
  • Recognition Approach
  • Ongoing Compliance Approach


Next Steps Summary

  • Analyze/discuss existing self-certification and self-assessment programs
    • Cloud Security Alliance STAR Program
  • Gain consensus on the deliverable list and program components
  • Develop timelines and milestones for deliverables
  • Begin development of self-assessment and attestation deliverables
