Get the best cybersecurity science, research, resources and insights to help secure and safeguard the digital world.
No Charge. No Spam. Unsubscribe Anytime.

Are there too many cooks in the certification kitchen?

Are there too many cooks in the certification kitchen?

Certification programs seem to be the cooking shows of the identity domain. Turn around, and there is a new one. Do they add value or confusion?

I once managed a certification program for identity services, so tend to have a somewhat jaded but intimate understanding of both the beautiful vision of interoperable outcomes and the seductive fallacy of enforcement.

While I believe that a properly structured certification program adds great value by ensuring a common baseline of interoperable services, my concern remains the impact of the sheer number of these programs ("flaming hoops") on the identity services who seek the certification.

At least for the FICAM TFS Program, the two options I had thought would be worth further exploration, without changing the existing once removed (TFS > TFP > Identity Service) approval mechanisms, were:

  • Merge the FICAM TFS Program into the FedRAMP program. FedRAMP is currently focused on the infrastructure-as-a-service layer, so bringing in the TFS certification under the FedRAMP umbrella simply enriched it with an existing identity-as-a-service layer (FedRAMP > TFP > Identity Service).

  • Merge the FICAM TFS Program into the Connect.gov program. If Connect.gov is the operational infrastructure, let it also have the authority and ability to manage the certification program for the services that can integrate with it (Connect.gov PMO > TFP > Identity Service)

I was unsuccessful at getting any traction for either of these options, but continue to believe that less is better here.


Context and Privacy


cyberforge: random and relevant


 Tweet  Share  Share  Share  Pin  Email


Get the best cybersecurity science, research, resources and insights to help secure and safeguard the digital world.
No Charge. No Spam. Unsubscribe Anytime.