Trustmark Framework Implementer Guidance for Organizations

  • Identify your information sharing use cases – what are you trying to accomplish operationally?
  • Define your trust policies for each use case and publish them in a local TPAT (text with tooltip) Trust Policy Authoring Tool
  • Earn the necessary trustmarks and publish them in a TAT (text with tooltip) Trustmark Assessment Tool
  • Could be done via self-assessment and self-issuance, or via a 3rd-party trustmark provider
  • Need to know which option(s) are acceptable to your partners before you decide what to do
  • Deploy federated system endpoints using SAML (text with tooltip) Security Assertion Markup Language and/or OIDC (text with tooltip) OpenID Connect
  • Includes interoperability & conformance testing – may require a 3rd-party trustmark provider
  • Register your federated system endpoints in the appropriate TBR (text with tooltip) Trustmark Binding Registry (s)
  • Manage your information sharing partner trust relationships using a TRPT (text with tooltip) Trustmark Relying Party Tool