This guideline supports implementation of the minimum requirements for establishing the identity (Footnote 1) of an individual to a given level of assurance. Identity assurance levels are defined in Appendix B of the Standard on Identity and Credential Assurance, and the minimum requirements to establish an identity assurance level are set out in subsection 6.4.1 and Appendix C. This standard was issued to support the Policy on Government Security and the Directive on Identity Management.
Identity establishment is the creation of an authoritative record of identity that can be relied on by others for subsequent government activities, programs and services. This guideline assists in standardizing how the identity information of individuals is established in relation to government programs and services. This guideline is also intended to promote consistent identity assurance practices, while enabling government organizations to retain the flexibility to innovate and manage risk appropriately. It is also intended to assist in a phased approach toward federating identity that includes the use of standardized credential authentication services.
This guideline is intended for the following users:
This guideline
For an annotated list of policies, standards, guidelines and frameworks in support of, or related to, identity assurance, see Appendix B.
To meet the requirements of the standard, Government organizations are developing identity management practices and related tools that can be used to contribute to a coherent, consistent, standardized and interoperable approach across the Government of Canada. These identity practices and related tools will be shared via GCPedia and may be incorporated into future versions of this guideline.
Identity is at the core of most government business processes and is the starting point of trust and confidence in interactions between the public and government. Once the identity information of an individual is established, all subsequent government activities, ranging from providing services to granting benefits and status, rely on the accuracy and rightful use of this information. For many service encounters or client transactions, government organizations must ensure that they are dealing with the right individual so that they can meet their program and service delivery objectives. For example, when an individual applies for a Canadian passport, certain documents are required to support the proof of his or her identity.
The management of identity information is a shared responsibility between the different orders of government within Canada. There are many authoritative sources, enabled by federal, provincial and territorial acts and regulations, that record information relating to an individual such as vital events, legal or professional status, and benefit entitlements. In most cases, a document or certificate is issued to the individual, who uses it to prove his or her identity and related personal information.
In Canada, there is no single document whose sole purpose is to identify an individual. Instead, many documents issued by different jurisdictions are in use. This decentralized approach has been effective in serving Canadians. However, it can present challenges in providing a consistent service experience across jurisdictions and in combatting fraudulent activity.
Physical documents remain the predominant method of presenting evidence of identity for Government of Canada programs and services. As digital delivery methods become more prevalent, digital representations of identity may be accepted as alternatives to physical documents. Governments are recognizing the potential cost savings related to the use of digital alternatives and common infrastructure. As government programs and services become increasingly interconnected and interdependent, it becomes imperative to manage identity risk collaboratively across organizational and jurisdictional boundaries.
In 2011, in response to this changing environment, the Government of Canada published Federating Identity Management in the Government of Canada: A Backgrounder, which described an overall vision and approach that would permit trust, established by internal identity management business processes, to be extended across organizational boundaries within the Government of Canada and with other jurisdictions. As part of this document, several key concepts were formally defined, including "identity assurance" and "credential assurance," and then formalized in subsequent Treasury Board policy instruments.
The Treasury Board policy instruments on identity consist of one directive, one standard and two guidelines issued under the authority of the Policy on Government Security.
Section 3 of this guideline provides detailed guidance on meeting these requirements.
Most government programs and services need to know the individual they are dealing with. For external services, the individual is typically a client of a government program or service. For internal services, the individual is an employee, or a government worker acting on behalf of a government organization.
These different contexts may result in different risks that need to be managed. For example, not properly confirming the right individual as a client may result in a benefits payment to the wrong individual (a program integrity risk). Not confirming the right individual as an employee may result in the unauthorized disclosure of information (an information security risk or privacy breach, should personal information be disclosed). Regardless of the context, managing the risk of ensuring that a government organization is dealing with the right individual can be achieved consistently and coherently by means of identity assurance.
By definition, "identity assurance" is a measure of certainty (or a degree of confidence) that an individual, organization or device is who or what it claims to be. Identity assurance is used to answer the question, "How sure are you that you have the right individual, organization or device?" (Footnote 2)
In addition to managing risk, a standardized approach to identity assurance allows people to interact with government programs or services that use, or rely on, identity establishment processes carried out elsewhere. For example, an individual may prove who he or she is once, according to standardized requirements, and the established identity for this individual can be relied on by many other programs and services. This is the essence of federation, which is discussed in subsection 3.9 of this document.
Different identity assurance levels allow government programs and services to carry out transactions commensurate with the level of risk. For some services, the level of risk is low; for others, it is higher. For example, the level of risk involved in providing personalized weather information to an individual is low, whereas the level of risk involved in accepting an application for a passport is higher.
The different identity assurance levels also allow government organizations to manage costs and to design optimal solutions using standardized services or capabilities developed for different (or lower) assurance levels while appropriately managing the residual risk.
Table 1 shows the identity assurance levels defined in the Standard on Identity and Credential Assurance.
Level | Description |
---|---|
4 | Very high confidence required that an individual is who he or she claims to be. |
3 | High confidence required that an individual is who he or she claims to be. |
2 | Some confidence required that an individual is who he or she claims to be. |
1 | Little confidence required that an individual is who he or she claims to be. |
The standardized levels range from one to four; each level describes a required degree of confidence that correlates to a range of expected harms should the level not be achieved and maintained. Subsection 3.2 of this document describes how a government organization determines which identity assurance level is required.
An assurance level assessment should be conducted first to determine the assurance level requirement. The companion guidance document, Guideline on Defining Authentication Requirements, defines a two-step process that assists in determining this requirement.
Figure 1 presents an overview of the assurance level assessment and IT design processes in terms of the scope of the related Government of Canada guidelines.
Figure 1. Scope of Related Government of Canada Guidelines
The Guideline on Defining Authentication Requirements defines the following two-step process:
The Guideline on Defining Authentication Requirements also provides recommendations on other mechanisms for mitigating risk.
This subsection provides detailed guidance on implementing the requirements specified in Appendix C of the Standard on Identity and Credential Assurance.
There are four categories of requirements to establish an identity assurance level. These four categories are listed below with a high-level control objective statement and a brief description.
For ease of reference, Table 2 is reproduced from Appendix C of the Standard on Identity and Credential Assurance. Table 2 specifies the minimum requirements by category associated with each level of assurance.
Requirement | Level 1 | Level 2 | Level 3 | Level 4 |
---|---|---|---|---|
Uniqueness | Define identity information | Define identity information | Define identity information | Define identity information |
Evidence of Identity | No restriction on what is provided as evidence | One instance of evidence of identity | Two instances of evidence of identity | Three instances of evidence of identity |
Accuracy of Identity Information | Acceptance of self-assertion of identity information by an individual | Identity information acceptably matches assertion by an individual and evidence of identity; and confirmation that evidence of identity originates from appropriate authority | Identity information acceptably matches assertion by an individual and all instances of evidence of identity; confirmation of the foundational evidence of identity using authoritative source; and confirmation that supporting evidence of identity originates from appropriate authority, using authoritative source | Identity information acceptably matches assertion by an individual and all instances of evidence of identity; confirmation of the foundational evidence of identity using authoritative source; and confirmation that supporting evidence of identity originates from appropriate authority, using authoritative source |
Linkage of Identity Information to Individual | No requirement | No requirement | At least one of the linkage methods listed in Table 6 | At least three of the linkage methods listed in Table 6 |
The uniqueness requirement ensures that individuals can be distinguished from one another and that the right service is delivered to the right individual at the right time. Uniqueness reduces the possibility of an individual receiving a service or benefit intended for someone else.
Uniqueness is required when a service must deliver an output or benefit to a specific individual—for example, the same individual from a previous registration or enrolment process. In some cases the identity of the individual may not be required or desired, such as the identity of a survey respondent.
Uniqueness, on its own, does not determine eligibility or entitlement for a service or benefit. However, information that is collected to determine uniqueness may also be used for eligibility or entitlement purposes and may therefore be subject to other legislative and privacy requirements. In cases where a transaction has two or more purposes (for example, to determine identity and entitlement), the intended uses of the information need to be clear.
In delivering programs and services, government organizations operate within a certain environment or set of circumstances known as the identity context. Identity context is further defined by factors such as mandate, target population (clients) and responsibilities prescribed by legislation or agreements.
Understanding and defining identity context assists government organizations in determining uniqueness requirements. Identity context helps establish what identity information is required, and what information is not required. It also helps determine commonalities with other government organizations or jurisdictions, and whether identity information or assurance processes can be used across contexts.
Identity context may be considered from the perspective of the individual, the federal organization or the Government of Canada. For example, an identity context may be the set of external services to citizens, or the set of internal services to employees.
It is recommended that government organizations keep the following in mind when defining or specifying the identity context of a given program or service:
The term "identity" is defined in the Standard on Identity and Credential Assurance as a reference or designation used to distinguish a unique and particular individual, organization or device (Footnote 3).
Identity information is considered to be valid within a defined identity context (see subsection 3.3.2). Within an identity context, it is critical to be able to distinguish individuals from one another so that services can be delivered to the right individuals.
Under the Directive on Identity Management, government organizations are responsible for ensuring the legitimacy of identity when
A property or characteristic associated with an identifiable individual is typically referred to as an identity attribute or an identity data element. "Identity information" is understood to be the set of identity attributes that is both
The identity attribute or the set of identity attributes used to distinguish a unique and particular individual, organization or device may also be referred to as an identifier. It is recommended that identity attributes used as identifiers be the same or continuous over time. In many cases continuity is not possible, and government organizations may choose instead to create or use an assigned identifier. This identifier is typically a numeric or alphanumeric string that is generated automatically, and that uniquely distinguishes between individuals and is independent of any other identity attributes.
Additional attributes may be used to further distinguish between similar individuals or to assist in the recognition of a particular individual. These attributes may not necessarily be unique to the individual (for example, hair colour, and height) or may change over time.
When defining or determining the sufficiency of identity information for a given service delivery context or program administration requirement, government organizations, for privacy reasons, should distinguish between identity information and program-specific personal information, which can overlap. This distinction ensures that the use of identity information is consistent with the original purpose for which the identity information was obtained and that it can be managed separately or protected by appropriate security and privacy controls (Footnote 5).
To minimize privacy risk, government organizations should reduce the overlap between identity information and program-specific personal information as much as possible. However, when overlap is required, it is a good practice to describe both purposes. For example, date of birth can be used for uniqueness (as identity information) and for age eligibility (as program-specific personal information).
The following considerations apply when determining the sufficiency of identity information:
Evidence of identity is an information record maintained by an authoritative source that supports the integrity and accuracy of the claims made by an individual. What constitutes sufficient evidence to support the claims depends on the level of assurance required, as illustrated in Table 2.
The Standard on Identity and Credential Assurance defines two categories of evidence of identity:
When defining operational requirements or procedures, it is a good practice to refer to documents specifically by name (for example, passport, driver's licence), in keeping with their original purpose, rather than generally as identity documents.
It is recommended that government organizations use evidence of identity only for the following purposes:
It is recommended that government organizations have processes in place to ensure that the identity information about an individual
In certain cases, identity information collected through evidence of identity (for example, age, residency, citizenship status) can also be used to determine program entitlement or eligibility. Government organizations need to ensure that any such additional use of information is supported by legislation.
Evidence of identity may be presented or accepted in the following forms:
The evidence of identity requirements specified in Table 3 are independent of the form in which the evidence is presented. Further, instances of evidence of identity should originate from, or be issued by, different authoritative sources.
Table 3 sets out the acceptability criteria for foundational and supporting evidence of identity. Government organizations are expected to adapt acceptability criteria to their particular program or service delivery context.
Evidence of Identity Category | Acceptability Criteria and Examples |
---|---|
Foundational Evidence | Acceptability criteria; acceptable authoritative sources, records and documents |
Supporting Evidence | Acceptability criteria (including criteria that apply if accepted in conjunction with foundational evidence of identity, Level 3 and Level 4); acceptable authoritative sources, records and documents |
Children, minors or other vulnerable individuals are more likely to be exploited for criminal purposes, and the tampering of their documents may result in more serious consequences. Providing services to these individuals often involves special circumstances and additional risk factors. For example,
It is recommended that government organizations apply the following guidelines when providing services to children, minors and other vulnerable individuals:
A government program may decide to include evidence of identity requirements for a parent or guardian as part of the evidence of identity requirements for the child, minor or other vulnerable individual. For example, the passport of a parent could be used as supporting evidence of identity for the child.
Note that the recommendations in this subsection do not designate the authorized representatives who may act for other individuals—for example, parents acting for children, or lawyers acting for applicants.
Table 4 provides guidelines for the assurance levels related to evidence of identity presented in Table 3. The criteria are independent of the form (documentary or electronic) in which the evidence is presented.
Assurance Level | Requirements in Appendix C of the Standard | Guidelines (Table 4 note *) |
---|---|---|
Level 1 | No restriction on what is provided as evidence | |
Level 2 | One instance of evidence of identity | |
Level 3 | Two instances of evidence of identity (at least one must be foundational evidence of identity) | |
Level 4 | Three instances of evidence of identity (at least one must be foundational evidence of identity) | |
The requirement for accuracy ensures the quality of the identity information. Identity information is expected to represent what is true about an individual, and to be complete and up to date. To ensure the accuracy of identity information, the following considerations apply:
Identity validation is the process of confirming the accuracy of identity information as established by an authoritative party (Footnote 7). Depending on the program or service requirements and the privacy considerations, government organizations may validate identity information using different authoritative sources. For example, a date of birth may be electronically validated using a provincial vital statistics registry.
If validation using an authoritative source is not feasible, other methods may be used, such as corroborating identity information using one or more instances of evidence of identity. Government organizations are advised to keep in mind the fraud considerations described in subsection 3.7.2.
Determining the accuracy of identity information involves confirming that the individual currently exists or previously existed (was alive but is now deceased). Identity information needs to relate to a real individual (living or dead) and not to a non-existent or incorrect individual.
When the authoritative source is outside Canadian jurisdiction, the accuracy of identity information may be determined through a risk-managed approach.
Accuracy of identity information is independent of whether an individual is living or deceased. An individual's identity information does not cease to exist after death. In cases of death, it becomes important that an individual's identity information is used properly by authorized individuals—for example, by the surviving spouse or executor.
Factors such as spelling and phonetic variations, name changes and different character sets can make determining the accuracy of identity information challenging. Such factors may make it difficult to prescribe exact match criteria. Government organizations may need to use approximate or statistical matching methods to determine whether identity information acceptably matches an authoritative record.
An assigned identifier (see subsection 3.3.3) should be subject to an exact match. In cases where the integrity of an identifier can be determined using a mathematical algorithm (for example, checksum), these methods should be applied as part of the validation process.
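As an added example that is not part of the guideline, the following Python shows the two kinds of matching described above: an exact match plus a checksum integrity check for an assigned identifier, and approximate matching for names that tolerates spelling, diacritic and ordering variations. The 9-digit Luhn-checked identifier format, the 0.85 similarity threshold and the record fields are assumptions made for this example, not any real program's identifier.

```python
"""Matching claimed identity information against an authoritative record.

Added example: an assigned identifier gets an exact match and a checksum
integrity check; names are compared approximately. The 9-digit Luhn-checked
identifier format, the threshold and the record layout are assumptions made
for this example (constructed, not any real identifier scheme).
"""
import re
import unicodedata
from difflib import SequenceMatcher

NAME_MATCH_THRESHOLD = 0.85   # assumed acceptability threshold for names
IDENTIFIER_LENGTH = 9         # assumed length of the constructed identifier


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check over a string of ASCII digits (checksum integrity test)."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def canonical_identifier(value: str) -> str:
    """Strip separators (spaces, hyphens) so the exact match ignores formatting only."""
    return re.sub(r"[\s-]", "", value)


def identifier_acceptable(claimed: str, on_record: str) -> bool:
    """Assigned identifier: exact match AND checksum must both hold."""
    c, r = canonical_identifier(claimed), canonical_identifier(on_record)
    return len(c) == IDENTIFIER_LENGTH and c == r and luhn_valid(c)


def normalize_name(name: str) -> str:
    """Casefold, strip diacritics and punctuation, collapse whitespace.

    Latin-script oriented: characters outside a-z/0-9 after decomposition are
    treated as separators, which is a limitation of this example.
    """
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    cleaned = re.sub(r"[^a-z0-9 ]", " ", ascii_only.casefold())
    return " ".join(cleaned.split())


def name_similarity(a: str, b: str) -> float:
    """Similarity in [0, 1]; token order ('Surname, Given' vs 'Given Surname') is ignored."""
    na, nb = normalize_name(a), normalize_name(b)
    if sorted(na.split()) == sorted(nb.split()):
        return 1.0
    return SequenceMatcher(None, na, nb).ratio()


def names_acceptably_match(a: str, b: str, threshold: float = NAME_MATCH_THRESHOLD) -> bool:
    """Approximate match: similarity at or above the assumed threshold."""
    return name_similarity(a, b) >= threshold


def record_matches(claim: dict, record: dict) -> dict:
    """Compare a claim against an authoritative record, field by field.

    Both dicts carry 'identifier', 'name' and 'date_of_birth' (ISO date string).
    Date of birth is compared exactly; the identifier exactly plus checksum;
    the name approximately.
    """
    return {
        "identifier": identifier_acceptable(claim["identifier"], record["identifier"]),
        "name": names_acceptably_match(claim["name"], record["name"]),
        "date_of_birth": claim["date_of_birth"] == record["date_of_birth"],
    }
```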
Table 5 provides guidelines for requirements related to the accuracy of identity information presented in Table 1. This guidance applies only in establishing the accuracy of identity information.
Assurance Level | Requirements in Appendix C of the Standard | Guidelines (Table 5 note *) |
---|---|---|
Level 1 | Acceptance of self-assertion of identity information by an individual | |
Level 2 | Identity information acceptably matches assertion by an individual and evidence of identity; and confirmation that evidence of identity originates from an appropriate authority | |
Level 3 | Identity information acceptably matches assertion by an individual and all instances of evidence of identity; confirmation of the foundational evidence of identity using an authoritative source; and confirmation that supporting evidence of identity originates from an appropriate authority, using an authoritative source or inspection by a trained examiner | |
Level 4 | Identity information acceptably matches assertion by an individual and all instances of evidence of identity; confirmation of the foundational evidence of identity using an authoritative source; and confirmation that supporting evidence of identity originates from an appropriate authority, using an authoritative source or inspection by a trained examiner | |
The linkage requirement ensures that identity information relates to the individual making the claim. Linkage ensures that the identity information relates to a real person who is using his or her own identity information—that is, the identity information is not being fraudulently used by an imposter.
The process of determining linkage to an individual is usually carried out when a person with no prior relationship or association with a program or service is initiating a transaction for the first time. For example, a first encounter with a program registration or a service enrolment process usually requires an individual to provide an indication of proof of identity.
Linkage to an individual may also be referred to as identity verification. Identity verification is not the same as identity validation. Identity verification is the process of confirming that the identity information relates to the person making the claim.
The Standard on Identity and Credential Assurance describes four methods that can be used to determine linkage to an individual (Footnote 8).
Government organizations determine which method or combination of methods they will use to determine linkage according to their program requirements. When selecting the appropriate methods, they need to assess relevant business, privacy and legal considerations.
Method Type | Method Examples |
---|---|
Knowledge-based confirmation | |
Biological or behavioural characteristic confirmation | |
Trusted referee confirmation (Table 6 note *) | |
Physical possession confirmation | |
Table 7 provides guidelines on selecting a method for confirming the linkage of identity information to an individual.
Assurance Level | Requirement | Guidelines (Table 7 note *) |
---|---|---|
Level 1 | No requirement | |
Level 2 | No requirement | |
Level 3 | At least one of the linkage methods listed in Table 6 | |
Level 4 | At least three of the linkage methods listed in Table 6 | |
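As an added example that is not part of the guideline or the Standard, the following Python encodes the evidence-of-identity counts from Tables 2 and 4, the linkage-method counts from Table 7, and the recommendation (subsection on evidence of identity) that instances of evidence originate from different authoritative sources. The Evidence record, the strictness of the distinct-source check and the sample source names are assumptions made for this example.

```python
"""Minimum-requirement check for identity assurance levels (added example).

Encodes evidence counts (Table 4), the foundational-evidence requirement for
Levels 3 and 4, the linkage-method counts (Table 7) and the recommendation that
instances of evidence come from different authoritative sources. The Evidence
record format and treating the distinct-source recommendation as a hard check
are assumptions made for this example.
"""
from dataclasses import dataclass

# The four method types listed in Table 6.
LINKAGE_METHODS = {
    "knowledge-based",
    "biological or behavioural characteristic",
    "trusted referee",
    "physical possession",
}

# level -> (minimum evidence instances, foundational required, minimum linkage methods)
LEVEL_RULES = {
    1: (0, False, 0),
    2: (1, False, 0),
    3: (2, True, 1),
    4: (3, True, 3),
}


@dataclass(frozen=True)
class Evidence:
    """One instance of evidence of identity (constructed record format)."""
    source: str          # issuing authoritative source
    foundational: bool   # True for foundational evidence, False for supporting


def shortfalls(level, evidence, linkage_methods):
    """Return the list of unmet requirements for `level` (empty list if all met)."""
    if level not in LEVEL_RULES:
        raise ValueError(f"unknown assurance level {level}")
    min_evidence, need_foundational, min_linkage = LEVEL_RULES[level]
    problems = []
    if len(evidence) < min_evidence:
        problems.append(
            f"level {level} needs {min_evidence} instance(s) of evidence, got {len(evidence)}"
        )
    if need_foundational and not any(e.foundational for e in evidence):
        problems.append("at least one instance must be foundational evidence of identity")
    # Recommendation: instances should originate from different authoritative sources.
    if len({e.source for e in evidence}) < len(evidence):
        problems.append("instances of evidence should originate from different authoritative sources")
    unknown = set(linkage_methods) - LINKAGE_METHODS
    if unknown:
        problems.append(f"unrecognized linkage method(s): {sorted(unknown)}")
    # Only distinct, recognized method types count toward the minimum.
    distinct = set(linkage_methods) & LINKAGE_METHODS
    if len(distinct) < min_linkage:
        problems.append(
            f"level {level} needs {min_linkage} distinct linkage method(s), got {len(distinct)}"
        )
    return problems


def highest_level_met(evidence, linkage_methods):
    """Highest assurance level (1 to 4) whose minimum requirements are all met."""
    met = 1
    for level in (2, 3, 4):
        if shortfalls(level, evidence, linkage_methods):
            break
        met = level
    return met
```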
Managing identity risk is similar to managing other corporate risks; however, there are special considerations for identity:
The following are some of the specific risk factors related to the identity of individuals:
Government organizations should be familiar with the different methods of fraud, as these may present risks when implementing the requirements of the Standard on Identity and Credential Assurance.
Document fraud is the fraudulent acquisition, production or alteration of documents issued by an authority. The following are the techniques of document fraud:
Records fraud is the unauthorized creation, insertion, alteration or deletion of authoritative records under the control of an institution. The creation of false records or the alteration of existing records may result in the issuance of documents or entitlements that are not legitimate. The following are the techniques of record fraud:
Imposter fraud is the fraudulent use of another person’s identity information, whether this person is real or fictitious. Imposter fraud may involve the following activities:
Identity assurance level requirements are typically part of a more comprehensive set of program or service requirements that are integrated into a broader business or system process. This subsection presents considerations for integrating identity assurance level requirements into business or system processes. For example, one department may decide to integrate these requirements into a client registration process to support a single program. Another department may decide to implement the requirements by creating an identity assurance process that can be incorporated into many programs and services.
Regardless of the integration approach taken, government organizations need to be able to demonstrate how they meet all of the requirements for the identity assurance levels determined for their programs and services.
When implementing the requirements for identity assurance, it is recommended that government organizations consider the following:
A federation is a cooperative agreement between autonomous entities that have agreed to work together. It can consist of public and private sector organizations, different jurisdictions or different countries. Many federations are informal in nature and are based on shared practices and objectives that have been developed over time. As these informal federations mature, the informal arrangements are replaced by agreed-on trust frameworks and assessment processes that can include contractual agreements, service agreements, legal obligations and dispute resolution mechanisms.
Federations become a compelling option when there is a business need to provide online services seamlessly across departmental and jurisdictional boundaries in a way that includes both public and private service providers. Fulfilling this need requires a level of trust between different kinds of organizations that have diverse mandates and act under different authorities. A trust framework stipulates adherence to agreed-on standards, formalizes assessment processes, and defines the roles and responsibilities within multi-party arrangements.
The Government of Canada is committed to assisting federal, provincial, territorial and municipal partners in fulfilling their respective program and service requirements, using trusted common processes.
The Government of Canada is collaborating with jurisdictions to develop a pan-Canadian approach to federating identity that respects the autonomy and the laws of the different jurisdictions. In November 2014, the Federal, Provincial, Territorial Deputy Ministers’ (FPT DM) Table on Service Delivery Collaboration approved the Pan-Canadian Identity Validation Standard (Footnote 9), which standardizes identity information and personal information validation requests and responses between federal, provincial, territorial and municipal organizations.
It is recommended that government organizations incorporate the Pan-Canadian Identity Validation Standard into the implementation planning of their programs and services.
This guideline can be used as a framework to help a government organization transition to a federated model and rely on trusted services provided by other organizations. Instead of implementing the requirements for identity assurance on its own, a government organization may choose to adopt a federated model. Before becoming a member of a federation, however, a government organization should ensure that certain key elements of a federated model are implemented within its own organizational context, specifically, the roles of authoritative party and relying party.
An authoritative party is defined in the Standard on Identity and Credential Assurance as a federation member that provides assurance (of credential or identity) to other members (relying parties). A relying party is a federation member who relies on assurances (of credential or identity) from other members (authoritative parties). One unit of an organization may assume the role of an authoritative party while the other units take on the role of relying parties. For example, a departmental human resources (HR) system could play the part of the authoritative party regarding employee information, while the departmental security system responsible for issuing employee identification cards takes on the role of the relying party.
Table 8 outlines key considerations for taking on the roles of authoritative party and relying party.
Organizational Role | Not a Member of a Federation | As a Member of a Federation |
---|---|---|
Acting in the role of an authoritative party | Considerations for organizations. Example: A departmental HR system that maintains an authoritative employee record. | Considerations for organizations. |
Acting in the role of a relying party | Considerations for organizations. Example: A departmental security system that relies on an authoritative employee record maintained by a departmental HR system. | Considerations for organizations. |
The Government of Canada is participating in the development of a Pan-Canadian Identity Trust Framework that will facilitate work with other jurisdictions and assess industry trust frameworks for use by the Government of Canada. The Standard on Identity and Credential Assurance, as well as this guideline, will be an integral part of this trust framework. Government organizations can be assured that the standard and its implementation are designed to support the adoption of existing and emerging trust frameworks.
When implementing the requirements for identity assurance, government organizations should ensure compliance with other applicable policy instruments or legislation. For example, another policy may require a government organization to use a certain assigned identifier or may permit the collection of only a defined set of attributes that can be used as identity information.
When implementing identity assurance requirements, government organizations must comply with the Privacy Act and the Policy on Privacy Protection. Consideration needs to be given to the right to the privacy of individuals, while ensuring access to their personal information and maintaining its accuracy.
Information about an identifiable individual is considered to be personal information and is therefore subject to the Privacy Act. Collecting, using, disclosing or disposing of identity information must be in accordance with the Privacy Act and departmental legislation. All identity information should be considered to be a subset of “personal information,” as defined by the Privacy Act. Government organizations are advised to consult with legal counsel to ensure that their management of identity information is consistent with their enabling legislation.
The Policy on Privacy Protection and its related privacy directives, standards and guidelines apply to identity information. Government organizations are expected to identify, assess, monitor and mitigate any privacy risks involved in the creation, collection, use, retention, disclosure and disposal of identity information.
It is important that government organizations distinguish between the information they collect to support identity assurance requirements and other personal information that is collected, used, retained and disposed of for a specific program or service. Failure to properly separate identity information from program or service-specific information may have privacy implications. This is a key consideration, for example, when identity information is collected and used to support several related services.
Identity information may be collected, used, retained, disclosed and disposed of as part of a larger business process, such as processing registrations or determining entitlement. If the identity information is to be derived from existing program-specific information, government organizations need to ensure compliance with the Policy on Privacy Protection. Compliance includes ensuring that the use of identity information is consistent with the original purpose(s) for which the information was obtained or compiled.
There are various means of protecting identity information, such as separating records into different data repositories, encrypting data, and substituting or mapping identifiers. Regardless of the mechanisms used, the resulting information should be considered to be personal information.
Federal government organizations must comply with the Policy on Service. When implementing identity assurance requirements, government organizations should consider designing services that have a strong client orientation and that are integrated, simple, timely and convenient.
Government organizations, as they develop new services and transform existing services, are encouraged to think beyond document-based processes and technology-specific implementations. To enable participation in a broader identity management federation, government organizations are also encouraged to standardize practices, processes and technologies that can be extended beyond their own organizations in a manner that maintains trust and integrity.
For more information on complying with service delivery requirements, see the Policy on Service.
Government organizations need to be familiar with and understand the potential applicability of the following sections of the Criminal Code, including its definitions of “identity document” and “identity information” as they apply in the context of the Code. The relevant sections are listed below:
In addition to the policies and legislation discussed above, government organizations should determine whether other policy instruments or legislation may be applicable to their context.
For details on these instruments and other resources, including industry and international documents, refer to Appendix B.
This guideline will be reviewed and updated as required.
For interpretation of any aspect of this Guideline, please contact Treasury Board of Canada Secretariat Public Enquiries.
The key terms used in this guideline include authoritative definitions from the Standard on Identity and Credential Assurance, terms defined in related guidelines and industry references, and definitions developed by the working group for this guideline.
This section provides a summary of the policies, directives, standards and guidelines for the management of information, IT security and privacy.
The objective of the Policy on Government Security is to ensure that deputy heads effectively manage security activities within government organizations and contribute to effective government-wide security management. The policy is supported by two directives:
The Directive on Identity Management is supported by one standard and two guidelines:
The objectives of the Policy on Privacy Protection are:
The Policy on Privacy Protection is supported by the following directives:
The objective of the Policy on Information Management is to achieve efficient and effective information management to support program and service delivery; foster informed decision making; facilitate accountability, transparency and collaboration; and preserve and ensure access to information and records for the benefit of present and future generations.
The Policy on Information Management is supported by the following directives:
The objective of the Policy on Service is to establish a strategic and coherent approach to the design and delivery of Government of Canada external and internal enterprise services that is client-centric, realizes operational efficiencies and promotes a culture of service management excellence.
The Policy on Service is supported by the following guidelines:
Related guidelines and tools are available at the links provided above.
This section provides related guidelines and industry standards for the management of information, IT security and privacy and for use in conjunction with the present guideline.
Government organizations may want to conduct a more generalized security risk assessment as an additional consideration when implementing the minimum requirements in Appendix C of the Standard on Identity and Credential Assurance. For example, a security risk assessment may be useful in addressing highly specialized threat agents associated with the rapidly evolving online environment and the potential vulnerabilities introduced by newer technologies—for example, tablets or mobile phones.
For guidance on authentication related to IT systems and electronic service delivery, government organizations are advised to consult the following guidelines published by CSE:
Several documents have been developed to support the governance of, and contracting of services for, cyber authentication. Government organizations may wish to consult these documents, which are available by contacting the Chief Information Officer Branch (see subsection 5.2 of this guideline).
Government organizations are encouraged to become familiar with standards that enable a pan-Canadian approach. Pan-Canadian standards are currently being developed by the Identity Management Sub-Committee (IMSC), an inter-jurisdictional body that reports to the Public Sector Chief Information Council (PSCIOC) and the Public Sector Service Delivery Council (PSSDC) (also referred to as the Joint Councils). These councils are supported by the Institute for Citizen-Centred Service.
Government organizations are encouraged to use and adopt other frameworks, standards and guidelines, where appropriate. Industry and government have adopted the four-level assurance model in Appendix C of the Standard on Identity and Credential Assurance, which is illustrated in Table 1. However, there are a few differences between this model and the other frameworks, standards and guidelines. When applying related resources, government organizations should consider the following:
It should be noted that the Government of Canada is currently formalizing a trust framework adoption process that will approve industry and public sector trust frameworks. The following is a non-exhaustive list of frameworks, standards and guidelines that may be used:
For a definition of identity and other terms used in this guideline, see Appendix A.
This guideline applies only to individuals.
Standard on Identity and Credential Assurance, Appendix A
Directive on Identity Management, subsection 3.5.
Additional controls as required by applicable legislation, such as the Access to Information Act and the Privacy Act.
Standard on Identity and Credential Assurance, Appendix A.
Identity validation is also known as identity information validation. The best reference on identity validation is the unpublished Pan-Canadian Identity Validation Standard, which is available by contacting the Security and Identity Management Division of the Chief Information Officer Branch.
Standard on Identity and Credential Assurance, Appendix A.
The Pan-Canadian Identity Validation Standard will be posted on the Institute for Citizen-Centred Service's website and GCPedia.
The Guideline on Defining Authentication Requirements defines a two-step process. Step 1: Determine assurance level requirement, and Step 2: Determine authentication options, including compensating factors and other safeguards.
The Guideline on Defining Authentication Requirements provides an output of Identity Assurance Level Requirement that is used as input into the Guideline on Identity Assurance. The Guideline on Identity Assurance, taking into account identity context, is used to assist in implementing identity assurance level requirements.
The Guideline on Defining Authentication Requirements also provides the outputs of Credential Assurance Requirement and Authentication Requirements. These are used as inputs into ITSG-31 User Authentication Guidance for IT Systems and ITSG-33 IT Security Risk Management: A Lifecycle Approach.
When taken together, the outputs of the guidelines may be used to assist in the decisions of federating credentials or federating identity, which are enablers to federation.