AoR+SWG+2+-+Identity+Proofing

include component="page" wikiName="siframework" page="esMD Header" =Announcements= toc =Works Approved Through Consensus=
 * ~ Sub-Workgroup Links ||
 * = **SWG 1**
 * Digital Credentials** ||= **SWG 2**
 * Identity Proofing** ||= **SWG 3**
 * Digital Signatures & Delegation of Rights** ||
 * **__ Thank you for your participation!! __** As of January 9th, 2013, the esMD AoR Identity Proofing White Paper has been finalized. The document below as well as the text embedded within the Identity Proofing White Paper Wiki reflect updates that were proposed and agreed upon during the formal Consensus Process. Please contact the Workgroup Lead or Support Lead if you have any remaining questions or concerns.
 * **Date** || **Artifact Name** || **Artifact Links** ||
 * 1/9/2013 || esMD AoR L1 SWG Report - Identity Proofing || * Wiki link
 * Consensus Votes
 * S&I Framework Repository Link - White Paper ||

=Works in Progress= =Meeting Materials= =Reference Materials=
 * **Artifact Name** || **Description/Purpose** || **Status** || **Current Status/**
 * Last Updated** || **Reviewers** || **Target Date for Completion** ||
 * **Meeting Date** || **Meeting Materials** || **Presentation Materials** || **Minutes** || **View Meeting Recordings** ||
 * December 5, 2012 || Meeting Materials ||  ||   ||   ||
 * November 28, 2012 || Meeting Materials || [[file:AoR SWG IP DS-SR 11-28-2012.pptx|Meeting Presentation (.pptx) (intro slides)]] ||   || View on Vimeo ||
 * November 21, 2012 ||||||||= MEETING CANCELLED ||
 * November 14, 2012 ||||||||= MEETING CANCELLED ||
 * November 7, 2012 ||||||||= MEETING CANCELLED ||
 * October 31, 2012 || Meeting Materials || [[file:siframework/AoR SWG IP DS-SR 10-31-2012 V1.1.pptx|Meeting Presentation (.pptx)]] || [[file:siframework/esMD AoR L1 Identity Proofing SWG A&D 2012-10-31.docx|Meeting Minutes (.docx)]] || View on Vimeo ||
 * October 24, 2012 || Meeting Materials || Presentation unavailable || [[file:esMD AoR L1 Identity Proofing SWG A&D 2012-10-24.docx|Meeting Minutes (.docx)]] || View on Vimeo ||
 * October 17, 2012 || Meeting Materials || [[file:siframework/AoR SWG IP DS-SR 10-17-2012.pptx|Meeting Presentation (.pptx)]] || [[file:siframework/esMD AoR L1 Identity Proofing SWG A&D 2012-10-17.docx|Meeting Minutes (.docx)]] || View on Vimeo ||
 * October 10, 2012 || Meeting Materials || [[file:AoR SWG Digital Identity 10-10-2012.pptx|Meeting Presentation (.pptx)]] || [[file:siframework/esMD AoR L1 Combined SWG A&D 2012-10-10.docx|Meeting Minutes (.docx)]] || View on Vimeo ||
 * October 3, 2012 || Meeting Materials || [[file:AoR SWG IP DS-SR 2012-10-03.pptx|Meeting Presentation (.pptx)]] || [[file:esMD AoR L1 Identity Proofing SWG A&D 2012-10-03.docx|Meeting Minutes (.docx)]] || View on Vimeo ||
 * September 26, 2012 || Meeting Materials || [[file:AoR SWG IP DS-SR 9-26-2012.pptx|Meeting Presentation (.pptx)]] || [[file:esMD AoR L1 Identity Proofing SWG A&D 2012-09-26.docx|Meeting Minutes (.docx)]] || View on Vimeo ||
 * September 19, 2012 || Meeting Materials || [[file:AoR Subworkgroup Kick-off Slides 9-19-2012 (10am).pptx|Meeting Presentation (.pptx)]] || [[file:esMD AoR L1 Identity Proofing, Digital Signatures, Delegation of Rights SWG A&D 2012-09-19.docx|Meeting Minutes (.docx)]] || View on Vimeo ||

Standards
Dec 9, 2011 || Roadmap and Implementation Guidance || Version 2.0 Dec 2, 2011 ||
 * **Document Link** || **Description** || **Version/Date** ||
 * NIST SP 800-63-1 (PDF) || NIST Electronic Authentication Guide || Dec 2011 ||
 * FBCA X.509 Certificate Policy (PDF) || X.509 Certificate Policy for the Federal Bridge Certification Authority || Version 2.25
 * FICAM Roadmap / Implementation Guide (PDF) || Federal Identity, Credential, and Access Management
 * FIPS PUB 201-1 (PDF) || Personal Identity Verification of Federal Employees and Contractors || Mar 2006 ||
 * IETF RFC 3647 || Internet X.509 PKI Certificate Policy and Certification Practices Framework || Nov 2003 ||
 * IETF RFC 5280 || Internet X.509 PKI Certificate and CRL Profile || May 2008 ||
 * IETF RFC 6711 || An IANA Registry for Level of Assurance (LoA) Profiles || Aug 2012 ||

Industry Implementations
Jan 6, 2010 || (CSOS) PKI Certificate and Certificate Revocation List Profile || Version 2.2 Jan 26, 2009 || Part 6: Identity management Landscape: IdM standards, organizations and gap analysis, Version 2.0 || Version 2.5 Apr 2012 ||
 * **Document Link** || **Description** || **Version/Date** ||
 * 21 CFR Part 1305 || Orders for Schedule I and II Controlled Substances (DEA) || Apr 1, 2012 ||
 * 21 CFR Part 1311 || Requirements for Electronic Orders and Prescriptions (DEA) || Apr 1, 2012 ||
 * DEA CSOS Certificate Policy (PDF) || DEA Controlled Substance Ordering System (CSOS) Certificate Policy || Version 4.0
 * DEA CSOS PKI Certificate & CRL Profile (PDF) || DEA Diversion Control, Controlled Substance Ordering System
 * Form I-9 (OMB 1615-0047) (PDF) || Employment Eligibility Verification || Aug 9, 2009 ||
 * ITU Security Standards Roadmap || International Telecommunication Union Security Standards Roadmap. Of particular note is

White Papers/Industry Reports
Digital Identities, Digital Signatures and Cloud Computing to Accelerate Drug Development ||  ||
 * **Document Link** || **Description** || **Version/Date** ||
 * SAFE Bio-Pharma Document Link (PDF) || Research collaboration in the cloud: How NCI and Research Partners are using Interoperable
 * INCIT Study Report (PDF) || Study Report on Biometrics in E-Authentication, InterNational Committee for Information Technology Standards || Mar 30, 2007 ||

Federal Requirements
Jul 31, 2012 ||
 * Document Link || Description || Date/Version ||
 * RMH Vol. III Standard 3.1 Authentication || CMS Risk Management Handbook Volume III, Standard 3.1: CMS Authentication Standards || Version 1.2

=Workgroup Details=
 * See all Author of Record SWG reference materials on the esMD Reference Materials page. **

Objective:
Define required process for identity proofing of healthcare individuals and organizations for esMD.

Requirements:

 * NIST SP 800-63-1 Level 3 Authentication (December 2011)

In Scope:

 * RA qualifications and certification
 * Combining RA processes with other healthcare identity proofing (e.g., credentialing)
 * Policy issues regarding identity proofing

Out of Scope:

 * Digital Credential Management
 * Digital Signatures
 * Proxy or Delegation

Deliverable: Summary White Paper

 * Assumptions
 * Statement of Problem
 * Recommended Solution(s)
 * Review of Standards (e.g., NIST, FICAM)
 * Certification requirements for RAs
 * Proof of identity requirements for
 * Entities
 * Individuals
 * Allowed proofing processes (e.g., as part of credentialing?)
 * Frequency of Identity review
 * Appeals process or denial
 * Variation based on specific credentials/use?
 * Revocation (triggers and process)
 * Identify gaps in current policy impacting Identity Proofing
 * References

include component="page" wikiName="siframework" page="esMD Contacts" include component="page" wikiName="siframework" page="space.template.inc_contentleft_end"