Conformance

From IDESG Wiki

Full Title or Meme

In a distributed collection of systems, Conformance to a common set of codes or standards.

Context

This wiki page applies specifically to distributed digital entities talking to each other over the Internet.

Conformance Profiles

As viewed by Kantara:

  • Kantara has been operating conformance profiles for NIST 800-63-2 and now 63-3 for several years already under its Trust Framework, so I know what the dynamics are to make that financially viable.
  • The ingredients are:
  1. A Standard or spec or piece of best practice with clear, auditable requirements that has wide recognition as such.
  2. Market demand for conformance to it, usually driven by regulation, or procurement.
  3. Exactly which parts need conformance -- protocol or policy/process. If a protocol, that typically involves building a test harness to test the requirements; if a policy or process, then that typically involves developing assessment criteria so that different auditors will find the same result when assessing the same requirement.
  4. Solution providers motivated to seek conformance
  5. Sponsorship of the editing of the test harness tests/conformance criteria
  6. Operating the process of fees, assessors, reviews, grant of Trust Marks, revocation of Trust Marks, annual conformity review and renewal of Trust Marks and so on.
It has to be pretty much in that order too.

Solutions

References