What credential service providers or certification authorities are acceptable?
A. DEA expects that application providers will work with credential service providers or certification authorities to direct practitioners to one or more sources of two-factor authentication credentials that will be interoperable with their applications. For practitioners who are obtaining a two-factor authentication credential that does not include a digital certificate, DEA is requiring that they obtain their authentication credential from a credential service provider that has been approved by the General Services Administration Office of Technology Strategy/Division of Identity Management to conduct identity proofing that meets National Institute of Standards and Technology Special Publication 800-63-1 Assurance Level 3 or above. For practitioners obtaining a digital certificate, DEA is requiring that they obtain the digital certificate from a certification authority that is cross-certified with the Federal Bridge Certification Authority (FBCA) at a basic assurance level or higher
Related Questions
- Do the users of service animals (including seeing-eye dogs) have to carry certification that their dogs have been trained by a credential organization?
- If I am registered for the LSAC LL.M. Credential Assembly Service, must I complete the Registrars Certification form?
- Do foreign dentists need to get their educational credentials certified by a US credential certification service?
