Conformance: Difference between revisions
Latest revision as of 18:54, 27 May 2020
Full Title or Meme
In a distributed collection of systems, Conformance to a common set of codes or standards.
Context
This wiki page applies specifically to distributed digital entities talking to each other over the Internet.
Conformance Profiles
As viewed by Kantara:
- Kantara has been operating conformance profiles for NIST 800-63-2 and now 63-3 for several years already under its Trust Framework, so it knows what the dynamics are to make that financially viable.
- The ingredients are:
  1. A Standard or spec or piece of best practice with clear, auditable requirements that has wide recognition as such.
  2. Market demand for conformance to it, usually driven by regulation or procurement.
  3. Exactly which parts need conformance: protocol or policy/process. If a protocol, that typically involves building a test harness to test the requirements; if a policy or process, then that typically involves developing assessment criteria so that different auditors will find the same result when assessing the same requirement.
  4. Solution providers motivated to seek conformance.
  5. Sponsorship of the editing of the test harness tests/conformance criteria.
  6. Operating the process of fees, assessors, reviews, grant of Trust Marks, revocation of Trust Marks, annual conformity review and renewal of Trust Marks, and so on.
It has to be pretty much in that order too.