Application Instructions and Attestation Forms

From IDESG Wiki
Jump to: navigation, search
Under construction.png This article is under construction and should not be considered complete.
Last modified by Omaerz

Purpose of the SALS program

The IDESG Baseline Functional Requirements ("Baseline Requirements") are a community-based set of criteria indicating the functional capabilities that are necessary to meet the goals of the National Strategy for Trusted Identities in Cyberspace (NSTIC), as stated in the Identity Ecosystem Framework ("IDEF") published by IDESG. 

Identity Ecosystem Service Providers ("Service Providers") are encouraged to use the Baseline Requirements as guidance for the competencies necessary for full participation in safe online identity ecosystems. See the IDESG Functional Model for further discussion about the various "digital identity management functions" performed by identity service providers. Service Providers who voluntarily participate in the SALS assist IDESG by sharing information about the feasibility and status of industry adoption of NSTIC's goals.

IDESG recognizes variations among Service Provider organizations and operations and offers these options to provide flexibility and choice in the self-assessment and reporting process. The IDESG SALS maintains two separate listings – Listed Providers and Applicant Providers. Listed Providers have asserted full compliance with all applicable Baseline Requirements. Applicant Providers are working toward full compliance with all applicable Baseline Requirements.

Each step of the IDESG SALS process is a voluntary program. Service Providers who choose to participate as Applicant Providers are not required to apply for Listed Provider status at a later time. However, all persons providing information to IDESG for posting in the SALS program are required to agree to IDESG's SALS Supplemental Terms of Use.

Instructions for submissions to the SALS program

Service Providers that have successfully self-assessed against all the applicable Baseline Requirements and would like to be included in the public listing of SALS Listed Providers should use the Full Compliance Attestation Form in Appendix A to this document to assert full compliance.

Service Providers who are working toward full compliance with the applicable Baseline Requirements may report interim results of their self-assessments — even if they have not yet completed their entire self-assessment against all applicable requirements.  The status report option is intended to be an information-sharing resource to report and promote implementation of the requirements. Service Providers who would like to be included in the SALS Applicant Providers should use the Status Report Attestation Form in Appendix B to this document to report their progress publicly.

Completion and submission of the SALS Self-Assessment Matrix, which serves at the responder's self-completed report card, together with either of the Appendix A or Appendix B Attestation Forms below, serves as the application, made by the Service Provider, for listing on the IDESG SALS, subject to the terms of the Terms of Use. That package also serves as the provider's public affirmation of in-progress or successful completion of the self-assessment process by application of the Baseline Requirements (that is, privacy, security, standards, and user experience criteria).

After Service Providers have submitted their Self-Assessment Matrix and a completed version of either Appendix A or Appendix B to this document ("Completed Application Package"), IDESG will perform a limited review of the Application Package to verify the authenticity of the submission and to ensure that the application is complete. IDESG will then upload the Self-Assessment Matrix to the SALS, displaying it for public information. The Matrix is designed to serve as a disclosable document. After a successful submission, the provider's Attestations are not publicly posted, but its Matrix is. Submitting a Completed Application Package grants IDESG permission to publish the Service Provider’s Self-Assessment Matrix in accordance with the SALS Data Handling and Use Policy and Terms of Use.

All sections of an Attestation Form marked as mandatory with a double-asterisk (" ** ") must be completed when it is submitted. If for any reason it may be difficult to verify some, or all, of the information provided, please explain on the Attestation Form.

Please Note:
The definitive current text for this document is posted on the Web. Any versions in static downloadable form are provided for convenience, and may not always represent the most current information.


>> Forward to: Appendix A (for prospective Listed Providers): SALS Full Compliance Attestation Form
>> Appendix B (for prospective Applicant Providers): SALS Status Report Attestation Form
>> Back to: SALS Application Package
>> SALS Program