January 16th - Information Session - Kantara's shift to ISO 17065
Good morning all: As many of you may know, Kantara plans to transition to following the ISO 17065 standard for assessments and certification in 2025, and we wish to provide as much information as possible to all parties via information sessions to review the benefits. On January 16th at 12PM EST, we are running a 1-hour session, and we welcome your participation. *(For IAWG participants: This will occur on the usual Zoom link and serves as the weekly call.)* There are many good reasons to provide assessments that follow this international standard, and as such, the session will cover: - Overview of ISO 17065 - Benefits for assessed companies - What ISO 17065 covers and how this affects you - What will Kantara do differently? - A brief list of documents to be updated - Q&A We are excited to see you on January 16th. Zoom details are below. RSVPs are unnecessary, but please contact staff@kantarainitiative.org <staff@kantarainitiative.org> with any additional questions. Also, feel free to forward to others who may benefit from attending! Zoom details: - Date: Thursday, 2025 - January - 16 - Time: 9:00 PT | 12:00 ET (time zone calculator <https://www.timeanddate.com/worldclock/converter.html>) - Please join the meeting from your computer, tablet or smartphone: https://zoom.us/j/93167965850?pwd=dldoT0hYK1k4MkVGYkQ3TkNqdG1Idz09 - Meeting ID: 931 6796 5850 - Passcode: 884696 - You can also dial in using your phone. Find your local number: https://zoom.us/u/aeg9vt8LSr <https://zoom.us/u/abUx61ivsc> Best, -Amanda -- *Amanda Gay | **Administrative** Coordinator* *Twitter:* @KantaraNews *LinkedIn:* @KantaraInitiative **Please take a few minutes to complete the third annual DEIA survey <https://www.surveymonkey.com/r/3LPP3WL>!**
I got caught in a semantic discussion about a piece of SP 800-63B – which I thought might be worth consideration by this august body. In section 5.2.3 (Use of Biometrics) it says: … Biometric samples collected in the authentication process MAY be used to train comparison algorithms or — with user consent — for other research purposes. Biometric samples and any biometric data derived from the biometric sample such as a probe produced through signal processing SHALL be zeroized immediately after any training or research data has been derived. In the criteria we have render this as: “ 63A#0680 - The CSP SHALL zeroize the biometric sample (including any associated biometric data) immediately after any training or research data has been derived.” At first glance this seems to say biometric data that is used for training or research should be zeroized after its use. It might mean, but doesn’t quite seem to say, biometric data should be zeroized, but you can keep it long enough to use it for training or research. That being said, in light of some conversations we’ve had about retaining identity evidence and due diligence, I’m wondering f this isn’t more complicated. Recently, we discussed how our criteria exceeded 800-63 to require the recording of evidence showing the identity process had been performed correctly. Certainly, the photo on a scanned driver’s license or passport would be such evidence and would also include “biometric data”. So would a selfie or even minutia. How are we reconciling our need to be able to prove the identity process was performed correctly with this requirement to delete all the photos and biometrics? Jimmy .
participants (2)
-
Amanda Gay -
Jimmy Jung