• Created by Unknown User (nikolas.reineke), last modified on Aug 31, 2016

Announcements

  • Thank you for your participation!! As of January 9th, 2013, the esMD AoR Identity Proofing White Paper has been finalized. The document below as well as the text embedded within the Identity Proofing White Paper Wiki reflect updates that were proposed and agreed upon during the formal Consensus Process. Please contact the Workgroup Lead or Support Lead if you have any remaining questions or concerns.

Works Approved Through Consensus

DateArtifact NameArtifact Links
1/9/2013esMD AoR L1 SWG Report - Identity Proofing

 

Works in Progress

Artifact NameDescription/PurposeStatusCurrent Status/
Last Updated		ReviewersTarget Date for Completion
      

Meeting Materials

Meeting DateMeeting MaterialsPresentation MaterialsMinutesView Meeting Recordings
December 5, 2012Meeting Materials   
November 28, 2012Meeting MaterialsMeeting Presentation (.pptx) (intro slides) View on Vimeo
November 21, 2012MEETING CANCELLED
November 14, 2012MEETING CANCELLED
November 7, 2012MEETING CANCELLED
October 31, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 24, 2012Meeting MaterialsPresentation unavailableMeeting Minutes (.docx)View on Vimeo
October 17, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 10, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 3, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
September 26, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
September 19, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo

Reference Materials

Standards

Document LinkDescriptionVersion/Date
NIST SP 800-63-1 (PDF)NIST Electronic Authentication GuideDec 2011
FBCA X.509 Certificate Policy (PDF)X.509 Certificate Policy for the Federal Bridge Certification AuthorityVersion 2.25
Dec 9, 2011
FICAM Roadmap / Implementation Guide (PDF)Federal Identity, Credential, and Access Management
Roadmap and Implementation Guidance		Version 2.0
Dec 2, 2011
FIPS PUB 201-1 (PDF)Personal Identity Verification of Federal Employees and ContractorsMar 2006
IETF RFC 3647Internet X.509 PKI Certificate Policy and Certification Practices FrameworkNov 2003
IETF RFC 5280Internet X.509 PKI Certificate and CRL ProfileMay 2008
IETF RFC 6711An IANA Registry for Level of Assurance (LoA) ProfilesAug 2012

 

Industry Implementations

Document LinkDescriptionVersion/Date
21 CFR Part 1305Orders for Schedule I and II Controlled Substances (DEA)Apr 1, 2012
21 CFR Part 1311Requirements for Electronic Orders and Prescriptions (DEA)Apr 1, 2012
DEA CSOS Certificate Policy (PDF)DEA Controlled Substance Ordering System (CSOS) Certificate PolicyVersion 4.0
Jan 6, 2010
DEA CSOS PKI Certificate & CRL Profile (PDF)DEA Diversion Control, Controlled Substance Ordering System
(CSOS) PKI Certificate and Certificate Revocation List Profile		Version 2.2
Jan 26, 2009
Form I-9 (OMB 1615-0047) (PDF)Employment Eligibility VerificationAug 9, 2009
ITU Security Standards RoadmapInternational Telecommunication Union Security Standards Roadmap. Of particular note is
Part 6: Identity management Landscape: IdM standards, organizations and gap analysis, Version 2.0		Version 2.5
Apr 2012

 

White Papers/Industry Reports

Document LinkDescriptionVersion/Date
SAFE Bio-Pharma Document Link (PDF)Research collaboration in the cloud: How NCI and Research Partners are using Interoperable
Digital Identities, Digital Signatures and Cloud Computing to Accelerate Drug Development		 
INCIT Study Report (PDF)Study Report on Biometrics in E-Authentication, InterNational Committee for Information Technology StandardsMar 30, 2007

 

Federal Requirements

Document LinkDescriptionDate/Version
RMH Vol. III Standard 3.1 AuthenticationCMS Risk Management Handbook Volume III, Standard 3.1: CMS Authentication StandardsVersion 1.2
Jul 31, 2012


See all Author of Record SWG reference materials on the esMD Reference Materials page.

Workgroup Details

 

Objective:

Define required process for identity proofing of healthcare individuals and organizations for esMD.

Makeup:

 

Requirements:

  • NIST SP 800-63-1 Level 3 Authentication (December 2011)

 

In Scope:

  • RA qualifications and certification
  • Combining RA processes with other healthcare identity proofing (e.g., credentialing)
  • Policy issues regarding identity proofing

 

Out of Scope:

  • Digital Credential Management
  • Digital Signatures
  • Proxy or Delegation

 

Deliverable: Summary White Paper

  • Assumptions
  • Statement of Problem
  • Recommended Solution(s)
    • Review of Standards (e.g., NIST, FICAM)
    • Certification requirements for RAs
    • Proof of identity requirements for
      • Entities
      • Individuals
    • Allowed proofing processes (e.g., as part of credentialing?)
    • Frequency of Identity review
    • Appeals process or denial
    • Variation based on specific credentials/use?
    • Revocation (triggers and process)
  • Identify gaps in current policy impacting Identity Proofing
  • References
  • No labels