Market Overview

ID.me Becomes First Identity Provider to Be Approved as NIST 800-63-3 Conformant

Share:

Kantara Initiative Approval Reinforces ID.me's leadership position as
the best-in-class identity provider for the public sector and healthcare
industry

ID.me,
the next generation identity platform, is announcing today that it has
been granted Approval by the Kantara
Initiative's
Board of Directors as a full Credential Service
Provider conformant to NIST's recently issued Special Publication (SP)
800-63-3 guidelines at Identity Assurance Level 2 (IAL2) and
Authenticator Assurance Level 2 (AAL2). ID.me is the first Credential
Service Provider to be recognized under Kantara's new NIST 800-63 rev.3 Class
of Approval
, reinforcing ID.me's leading place in the identity
ecosphere. Kantara is the leading global consortium improving
trustworthy use of identity and personal data through innovation,
standardization and good practice.

In addition to the NIST 800-63-3 IAL2 / AAL2 ID.me-branded credentialing
service available today, ID.me will extend its IAL2 / AAL2
infrastructure to government agencies and healthcare organizations as a
white label service, starting in 2019.

The new NIST digital identity guidelines are vital for security, citizen
access and interoperability across government and healthcare. Federal
agencies are expected to meet the requirements of, and be in compliance
with, the new NIST guidelines for all new and existing citizen-facing
applications that require a high degree of trust. In healthcare, the
Drug Enforcement Administration (DEA) requires NIST 800-63 compliant
credentials for healthcare providers to electronically prescribe
controlled substances. Moreover, the U.S. Department of Health and Human
Services (HHS) is working on the Trusted Exchange Framework and Common
Agreement set for publication in late 2018 to define standards for
interoperability between healthcare systems. The Trusted Exchange
Framework recommends the adoption of NIST 800-63-3 IAL2 / AAL2 identity
guidelines for patient portals.

"The opioid crisis and a growing demand for patient-directed data
exchange have created a perfect storm for trusted digital identity in
healthcare. Securing the identities of prescribing physicians and the
patients they treat is a critical step in fighting the opioid crisis,
controlling costs and creating efficiencies in healthcare," said Blake
Hall, ID.me CEO. "With requirements like 800-63-3, the industry can
trust a shared login service so users can bring their identity and data
with them across websites without having to take the time-consuming and
frustrating steps to re-verify their identity at each new site."

ID.me is simplifying how individuals securely prove and share their
identity online. The company is building a digital identity network
where users verify their identity once and never have to re-verify their
identity again across any organization where ID.me is accepted --
mimicking the role of their driver's license in the physical world.

"ID.me achieved a significant industry milestone and competitive
advantage by becoming the first company to earn approval from Kantara
Initiative as a Credential
Service Provider conformant to the NIST 800-63-3 Digital Identity
Guidelines
," said Colin Wallis, executive director, Kantara
Initiative. "Kantara is the world's premier US Federal Trust Framework
Provider as part of its mission to improve the trustworthy use of
identity and personal data for people to regain control in a secure,
privacy-enabled connected world."

NIST published SP
800-63-3
on June 22, 2017, outlining new identity management and
digital authentication standards required to issue a secure and trusted
digital credential. NIST organized credentialing guidelines around
component steps with IAL2 and AAL2 replacing the previous SP 800-63-2
Level of Assurance (LoA) 3 requirements. ID.me's new Approval is in
addition to ID.me's current Approval as a Credential Service Provider at
LoAs 1, 2, and 3. ID.me currently boasts the highest LoA 3 identity
verification success rates in the industry – enabling government
agencies to deliver high-value services to citizens online at scale.
ID.me's high verification success rate is a result of the company's next
generation identity platform that connects to multiple authoritative
databases and a focus on enabling access pathways for all demographics.

Under the new guidelines, NIST no longer accepts knowledge-based
authentication (KBA) as a free-standing method to complete online
identity-proofing. Large-scale data breaches have compromised the static
identifiers and passwords of millions of Americans. Since the secret
knowledge KBA relied upon is easily found or bought on the dark web,
NIST is moving away from KBA in favor of possession-based methods of
authentication. The requirements also require strong identifiers such as
driver's licenses and passports to be paired with selfies to prevent
criminals from using stolen documents to claim another person's identity
online.

"To provide best-in-class capabilities to our partners, it's essential
to stay up to date with the industry's strictest standards," said Mike
Brown, CTO of ID.me. "Our platform has been accredited by the General
Services Administration under the previous NIST requirements (800-63-2)
since 2014. We are proud to be on the leading edge with the adoption of
the new 800-63-3 guidelines and stand ready to help our federal and
healthcare partners modernize their digital identity systems."

About ID.me

ID.me is the next-generation digital identity platform that provides for
trusted and convenient interactions between individuals and
organizations. Government agencies and commercial partners use ID.me for
online identity proofing and authentication to ensure their platforms
and users are protected from fraud and identity theft.

ID.me's identity platform meets the highest standards for online
identity proofing and authentication, without compromising access for
hard-to-identify groups. The federally-accredited platform uses a
combination of remote verification of physical IDs, mobile network
operator data, fraud algorithms, and FIDO U2F capabilities to securely
verify a user's identity.

ID.me currently supports more than 200 partners, including federal and
state agencies, healthcare organizations, financial institutions,
nonprofits, and retailers. For more information, visit www.id.me.

About Kantara Initiative

Kantara Initiative is an ethics based, mission-led non-profit
organization passionate about giving control of data back to people. It
provides real-world innovation and development of specifications and
conformity assessment programs for the digital identity and personal
data ecosystems. Beyond its flagship eID-assisting Identity
Assurance Trust Framework
, developing initiatives including Identity
Relationship Management
, User
Managed Access
(EIC Award Winner for Innovation in Information
Security 2014), Identities
of Things,
and the Consent
Receipt
, Kantara Initiative connects a global, open, and transparent
leadership community, including CA Technologies, digi.me, Experian,
ForgeRock, the Internet Society, and SecureKey Technologies. More
information is available at https://kantarainitiative.org/.

Follow Kantara Initiative on Twitter
-- @KantaraNews

View Comments and Join the Discussion!