ISO IEC TS 29003-2018 PDF

Full title and description

Information technology — Security techniques — Identity proofing. This technical specification provides guidelines for proving the identity of a natural person and defines levels of identity proofing together with requirements to achieve those levels; it is intended for use within identity management systems and related processes.

Abstract

ISO/IEC TS 29003:2018 gives guidance on identity proofing of a person, specifies discrete levels of identity proofing (assurance levels) and the requirements to achieve those levels. The specification is applicable to identity management systems and supports consistent, risk‑based decisions about the strength of proofing processes.

General information

• Status: Published (confirmed following periodic review)
• Publication date: March 2018 (Edition 1).
• Publisher: ISO/IEC (developed under ISO/IEC JTC 1/SC 27).
• ICS / categories: 35.030 (IT security).
• Edition / version: Edition 1 (2018).
• Number of pages: 21.

Core bibliographic and life‑cycle information as published by ISO and national adopters. The ISO record shows publication in March 2018 and that the document was reviewed and confirmed in a subsequent 5‑year review cycle.

Scope

The TS sets out guidelines for the identity proofing of natural persons: it specifies levels of identity proofing, the types of evidence and controls (as required to meet those levels), and requirements for processes used to establish and record identity. It is intended to be used by organisations implementing or operating identity management systems and by parties that rely on identity assertions made by those systems.

Key topics and requirements

• Definitions and terminology for identity proofing and related processes.
• Specification of identity proofing levels (assurance levels) and criteria to meet them.
• Requirements for the evidence, verification actions and controls needed for each level.
• Guidance for applying identity proofing within identity management systems and processes (risk‑based selection of proofing strength).
• Operational considerations for consistent application and record keeping of proofing outcomes.

The list above summarises the principal themes addressed in the TS; it is intended to help implementers select and justify appropriate proofing approaches for their context.

Typical use and users

Adoption and use typically include identity providers, relying parties, online service providers, government agencies (e‑ID and citizen enrolment processes), system architects, security and privacy officers, procurement teams and auditors. Organisations use the TS to design, assess or compare identity proofing processes and to choose an appropriate assurance level for a given business or regulatory requirement.

Related standards

ISO/IEC TS 29003:2018 is part of the ISO/IEC JTC 1/SC 27 security techniques family and is commonly used alongside other identity, authentication and privacy standards such as ISO/IEC 29115 (Entity authentication assurance framework) and ISO/IEC 29100 (Privacy framework). It complements management and security controls standards (for example ISO/IEC 27001) and other identity‑management guidance documents.

Keywords

identity proofing, identity assurance, assurance levels, identity management, identity verification, identity evidence, authentication assurance, security techniques, JTC 1/SC 27.

FAQ

Q: What is this standard?

A: ISO/IEC TS 29003:2018 is a technical specification providing guidelines and requirements for the identity proofing of natural persons, including defined proofing (assurance) levels and the controls needed to achieve them.

Q: What does it cover?

A: It covers the principles and requirements for establishing a person’s identity—what types of evidence and verification actions are appropriate for different assurance levels, and how to apply those requirements within identity management systems.

Q: Who typically uses it?

A: Identity providers and relying parties, service operators, government e‑ID programmes, system architects, security/privacy officers, procurement teams and auditors who need to design, assess or compare identity proofing processes.

Q: Is it current or superseded?

A: The specification was published in March 2018 (Edition 1) and the ISO bibliographic record indicates it was subject to the routine five‑year review and was confirmed in a subsequent review cycle; as published on the ISO record it remains the current confirmed technical specification. Users should check the ISO bibliographic record or national standards bodies for any later revisions or national adoptions before relying on the standard for regulatory or procurement decisions.

Q: Is it part of a series?

A: It sits within the ISO/IEC JTC 1/SC 27 family of security techniques and is commonly used in conjunction with related standards addressing authentication assurance, privacy frameworks and information security management (for example ISO/IEC 29115 and ISO/IEC 29100).

Q: What are the key keywords?

A: Identity proofing, identity assurance, identity verification, assurance levels, identity management, identity evidence, authentication assurance, privacy and security techniques.