Trust Framework Provider Services

SAFE-BioPharma Association is a US Government-approved Trust Framework Provider (TFP). As such, we develop and maintain policies and practices used by identity credential issuers.

We are authorized to examine and certify that the identity proofing, credential issuance, and credential management policies and practices of electronic identity credential issuers are comparable to Federal Identity, Credential, and Access Management (FICAM) requirements.

Certification means that identities and/or credentials can be trusted and used at known levels of assurance by US federal entities such as NIH, VA, and FDA.

SAFE-BioPharma is approved by FICAM to provide policy and practice oversight for full-service Credential Service Providers (CSP), Identity Proofing (IdP) component members, and Credential Provider (CCP) component members.

Certification means that identity credentials can be trusted and used at known levels of assurance by US federal entities such as NIH, VA, and FDA.

We operate…

  • a Global Trust Framework aligned with EU Regulations, ISO and ITU-T standards at eIAS Low, Substantial and High
  • an internationally recognized PKI (asymmetric cryptography-based) bridge certification authority and Trusted Third Party issuer of digital certificates. PKI credentials are used for high identity trust authentication and for applying digital signatures
  • a federally-approved (FICAM) non-PKI Trust Framework certifying Credential Service Providers and Identity Proofing Providers at NIST Levels of Assurance (LOA) 2 and 3. FICAM credentials are used for trusted authentication
    • LOA 2 satisfies identity-proofing and credential issuing practices acceptable for access to systems where risk of identity fraud is minimized; for example, patient access to read-only medical records, and veteran access to read-only military medical records.
    • LOA 3 is considered the minimum level of assurance required to authenticate most transactions in regulated industries such as pharmaceuticals and healthcare.

The following Service Providers have been approved as members of the SAFE-BioPharma Trust Framework:

  SAFE-BioPharma FICAM Trust Framework 1.0 SAFE-BioPharma FICAM Trust Framework 2.0 SAFE-BioPharma Trust Framework 3.0
Identity Manager/Identity Proofing Member LexisNexis, LOA 1,2,3

TransUnion LOA 2, 3
Equifax, LOA 2,3

TransUnion IAL 2
Credential Service Providers Exostar, LOA 3
Zentry a Synchronoss Venture, LOA 2,3
Trans Sped, LOA 3

The following are certified assessors for our Trust Frameworks and PKI services: Cygnacom Solutions, Inc.Elfsec, LLC; eValid8; The Slandala Company;  Kuma, LLCLibra Security, Inc.Scott S. Perry CPA, PLLC; Zygma LLC.

Accredited TFP Assessors must demonstrate competence in the field of compliance assessments and:

  • Be thoroughly familiar with all requirements of the SAFE-BioPharma Trust Framework Provider Approval Process NIST SP 800-63 Conformance Profile (TFPAP 800-63-3), including the NIST SP 800-63-3 guidelines;
  • Be thoroughly familiar with the relevant requirements of NIST SP 800-53-5 cybersecurity, IAM and privacy protection controls. Alternatively, thorough familiarity with the requirements of ISO 27001/2 is acceptable;
  • Perform such assessments as a primary ongoing business activity; and
  • Be Certified Information System Auditors (CISA) and IT security specialists or equivalent, such as accreditation as an ISMS auditor or have documented experience in this line of work (references acceptable).
  • Alternatively, providing proof of certification under ETSI standard EN 319 403 will satisfy requirements for becoming Approved Assessors.

Accredited PKI Assessors must demonstrate all of the above requirements and also demonstrate competence in the field of compliance audits for security and PKIs, and must be thoroughly familiar with requirements that the PAA imposes on the issuance and management of SAFE-BioPharma PKI certificates.