WASHINGTON, DC, NY / ACCESS Newswire / October 7, 2025 / The CARIN Alliance recently announced the publication of the nation's first unified digital identity credential trust framework policy, developed in partnership with DirectTrust® and Kantara Initiative™.

The CARIN Digital Identity Credential Policy integrates and harmonizes three major trust framework policies:

• National Institute of Standards and Technology (NIST) 800-53, which governs security and privacy;

• NIST 800-63, also known as the Digital Identity Guidelines, is the latest revision in a widely recognized framework for establishing secure and reliable digital identity; and

• Request for Comments (RFC) 3647, the framework for X.509 public key infrastructure (PKI) credentials that underpins the Internet.

By normalizing these frameworks into a single, interoperable policy, the initiative establishes a foundation for digital identity credentials to be consistently recognized and exchanged across systems and organizations. This ensures that patients, providers, and other stakeholders can rely on digital identities without being limited to one network or standard. In addition, the policy enables digital credentials from both DirectTrust and Kantara Initiative to be broadly accepted by the Trusted Exchange Framework and Common Agreement (TEFCA) and other entities, forging a new and necessary connection across previously separate trust frameworks.

"This policy demonstrates what's possible when stakeholders come together to align on a common approach to digital identity," said Ryan Howells, Principal at Leavitt Partners and Program Manager of The CARIN Alliance. "By harmonizing requirements across several trust frameworks, we've created a foundation that can support interoperability not only in healthcare, but in any industry that relies on trusted digital identity exchange. Ultimately, this will reduce fragmentation, lower barriers to patient access, and enable a more seamless digital experience for everyone."

"DirectTrust included both staff and volunteer resources in our efforts to support this project, mapping our existing PKI related policies and our new Identity Provider Policy to the standard RFC 3647 framework," said Scott Stuewe, President and CEO of DirectTrust. "CARIN's new policy allows for the assessment of equivalence between frameworks without needing to directly compare the controls, and forges a unique and necessary new asset. We are excited to advance a future envisioned by the Centers for Medicare & Medicaid Services (CMS) Interoperability Framework, and we look forward to what's to come."

"Kantara Initiative brings deep expertise in trust framework development and assurance," said Kay Chopard, Executive Director of Kantara Initiative. "This policy reflects that experience by providing a consistent way for digital credentials to be recognized under TEFCA and trusted across industries."

The CARIN Alliance plans to donate the open policy to the Health Level Seven International (HL7®) Fast Healthcare Interoperability Resources (FHIR) at Scale Taskforce (FAST) Digital Identity workgroup for inclusion in their implementation guide. The CARIN Alliance also aims to explore incorporation of the policy into TEFCA.

To learn more, visit: https://www.carinalliance.com/online-patient-registration/digital-identity.

About DirectTrust®
DirectTrust® is a non-profit, vendor-neutral alliance dedicated to establishing trust in a connected world. The organization serves as a forum for a consensus-driven community focused on health communication and cybersecurity, an ANSI standards development organization, an accreditation and certification body governed by EHNAC, and a developer of technical trust frameworks and supportive services for secure information exchange like Direct Secure Messaging and identity-verified credentials.

The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain privacy, security, and trust for stakeholders across and beyond healthcare. In addition, DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information while promoting quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit: DirectTrust.org.

About The CARIN Alliance
The CARIN Alliance is a multi-sector collaborative convened by Leavitt Partners and more than 80 stakeholders, to advance the adoption of consumer-directed exchange across the U.S. Working with both the public and private sector, the group seeks to rapidly advance the ability for consumers and their authorized caregivers to easily get, use, and share their digital health information when, where, and how they want to achieve their goals. We envision a future where any consumer can choose any application to retrieve both their complete health record and their complete coverage information from any provider or plan in the country. For more information, please contact the alliance via the CARIN Alliance website or X, YouTube, or LinkedIn.

About Kantara Initiative
Kantara Initiative is a global community focused on improving the trustworthy use of identity and personal data. Our many and varied Work Groups nurture thought leadership and develop specifications that will inform policy and standards across the identity ecosystem. Topics are as wide ranging as AI and Deepfakes, Privacy Enhancing Mobile Credentials (PEMC) Shadow AI and Trusted Transaction Assurance.

We also uniquely audit companies and their products for conformance against the National Institute of Standards & Technology (NIST) 800-63 digital identity guidelines and the UK's Digital Identity & Attributes Trust Framework (DIATF) standards for privacy and identity security.

###

Press contact:
Dave Anderson
Anderson Interactive
dave@andersoni.com
770-401-1044

SOURCE: DirectTrust