Peter Tippett, Verizon: ICAM 'Level 3' Federal Certification for Issuing Digital Credentials Earned

December 6, 2011

Verizon is at the forefront of addressing the nation's growing concerns about safeguarding online identities by becoming the first provider to earn a critical federal certification, permitting the company to issue strong digital identity credentials to government agencies and businesses in accordance with a set of predefined standards.

Verizon has earned the Identity, Credential and Access Management (ICAM) certification. ICAM, which was established by a subcommittee co-chaired by the General Services Administration and the Department of Defense, is responsible for aligning the government's identity management activities to help safeguard online identities. Many industry observers see ICAM as a key first step in the development of the larger identity ecosystem envisioned by the White House for the protection of digital identities.

Verizon is the first identity provider to earn a level 3 certification (on a scale of one to four, with four as the highest level of identity assurance). Currently, no other identity providers are certified above level 1.

Earlier this year, the White House launched an identity-management initiative to make online transactions more trustworthy. This effort - known as the National Strategy for Trusted Identities in Cyberspace (NSTIC) - is aimed at creating an Internet-identity ecosystem that uses interoperable technology standards and policies to authenticate not only consumers, but also organizations and IT infrastructure.

"As the first ICAM-certified identity provider at level 3, Verizon is leading an identity-management revolution with a simple premise: to let in the right people and keep out the wrong people," said Peter Tippett, vice president, Verizon. "As the foundation of a new identity ecosystem, we intend to better safeguard Americans and protect sensitive organizational data. By doing so, we are taking an important step in addressing the nation's identity issues."

Verizon is a long-standing expert in investigating the causes and ramifications of stolen identities. Its 2011 Verizon Data Breach Investigations Report, issued earlier this year, revealed that stolen passwords and credentials were responsible for the second-highest most comprised type of data.

"With this step, Verizon is demonstrating great leadership in the identity space," said Deborah Gallagher, acting director, identity assurance and trusted access division, General Services Administration. "We are encouraged to see the U.S. government's vision take shape through the private sector, as we advance our strategy to develop a trusted Internet framework that would better protect users through strong identity programs."

ICAM Certification Also Significant for Health Care Sector

The scope of ICAM's relevance is sweeping. For example, health care organizations can improve security when following ICAM guidelines. Working with an approved ICAM level 3 certified identity provider removes the burden on organizations of creating and managing their own credentialing infrastructure.

Verizon Earns ICAM Level 3 Certification: The Highest Level Achieved To Date

The level 3 designation means Verizon is using multifactor authentication where multiple credentials (such as a user ID and a phone) are required to gain access to government and corporate networks. This enables more rigorous identity-vetting aimed at lowering risk.

Verizon's credentials were verified by leading identity Trust Framework Provider Kantara Initiatives against the Identity Assurance Framework, which enables a party to trust the identity and security assurances from an identity provider.

Verizon Enterprise Identity Services Aimed at Protecting Users

Delivered via the cloud, Verizon Enterprise Identity Services are aimed at helping reduce the costs and complexity traditionally associated with identity rollouts. With this solution, users do not need to purchase additional hardware or software. If users lose a device, they can easily leverage a mechanism they already have -- such as a mobile or home phone -- or add an additional mechanism to retrieve their dynamic code for authentication.