This guidance document was developed by IMSAC, and recommended to the Secretary of Technology, to provide information or guidance of general applicability to the public for interpreting or implementing the Electronic Identity Management Act (the Act).  Specifically, the document establishes criteria and recommended processes for certifying compliance with the Commonwealth’s identity management minimum specifications and standards adopted pursuant to § 2.2-436.

The document provides a reference for criteria that must be met to certify compliance of identity trust framework operators. The document assumes a specific identity trust framework will address the business, legal, and technical requirements for each distinct digital identity system; these requirements will be designed based on the specific assurance model supported by the system; and the identity trust framework will be compliant with applicable laws, regulations, and statutes.

This guidance document focuses on certification, certification criteria, and requirements for certification authorities to qualify as eligible to perform certifications pursuant to the Act. Separate IMSAC guidance documents in this series define minimum specifications for other components of a digital identity system.

The proposed guidance documents are also available with comments and proposed changes by IMSAC on the VITA website: http://www.vita.virginia.gov/default.aspx?id=6442474172   

Public hearing: A public meeting will be held on Oct. 24, 2017, at 11 a.m. The meeting will be held at the Commonwealth Enterprise Solutions Center, 11751 Meadowville Lane, Chester VA 23836 in room 1222.