Are there too many cooks in the certification kitchen?

By ANIL JOHN

Certification programs seem to be the cooking shows of the identity domain. Turn around, and there is a new one. Do they add value or confusion?

I once managed a certification program for identity services, so I tend to have a somewhat jaded but intimate understanding of both the beautiful vision of interoperable outcomes and the seductive fallacy of enforcement.

While I believe that a properly structured certification program adds great value by ensuring a common baseline of interoperable services, my concern remains the impact of the sheer number of these programs (“flaming hoops”) on the identity services who seek the certification.

At least for the FICAM TFS Program, the two options I had thought would be worth further exploration, without changing the existing once-removed (TFS > TFP > Identity Service) approval mechanisms, were:

  • Merge the FICAM TFS Program into the FedRAMP program. FedRAMP is currently focused on the infrastructure-as-a-service layer, so bringing in the TFS certification under the FedRAMP umbrella simply enriched it with an existing identity-as-a-service layer (FedRAMP > TFP > Identity Service).

  • Merge the FICAM TFS Program into the Connect.gov program. If Connect.gov is the operational infrastructure, let it also have the authority and ability to manage the certification program for the services that can integrate with it (Connect.gov PMO > TFP > Identity Service).

I was unsuccessful at getting any traction for either of these options, but continue to believe that less is better here.

