
What You Should Know:
- The CARIN Alliance, in partnership with DirectTrust® and Kantara Initiative™, has announced the publication of the nation’s first unified digital identity credential trust framework policy.
- The landmark policy establishes a foundation for digital identity credentials to be consistently recognized and exchanged across systems and organizations.
Harmonizing Major Trust Frameworks
The CARIN Digital Identity Credential Policy integrates and harmonizes three major trust framework policies:
- NIST 800-53: The framework that governs security and privacy.
- NIST 800-63 (Digital Identity Guidelines): A widely recognized framework for establishing secure and reliable digital identity.
- RFC 3647: The framework for X.509 public key infrastructure (PKI) credentials that underpins the Internet.
By normalizing these diverse frameworks into a single, interoperable policy, the initiative ensures that patients, providers, and other stakeholders can rely on digital identities without being limited to one network or standard. Furthermore, the policy enables digital credentials from both DirectTrust and Kantara Initiative to be broadly accepted by the Trusted Exchange Framework and Common Agreement (TEFCA) and other entities.
Advancing Interoperability and Regulatory Alignment
The policy creates a unique and necessary connection across previously separate trust frameworks. Scott Stuewe, President and CEO of DirectTrust, noted that the new policy allows for the assessment of equivalence between frameworks without needing to directly compare the controls. This effort is aligned with the future envisioned by the Centers for Medicare & Medicaid Services (CMS) Interoperability Framework.
“DirectTrust included both staff and volunteer resources in our efforts to support this project, mapping our existing PKI-related policies and our new Identity Provider Policy to the standard RFC 3647 framework,” said Scott Stuewe, President and CEO of DirectTrust. “CARIN’s new policy allows for the assessment of equivalence between frameworks without needing to directly compare the controls, and forges a unique and necessary new asset. We are excited to advance a future envisioned by the Centers for Medicare & Medicaid Services (CMS) Interoperability Framework, and we look forward to what’s to come.”