Compliance

Technical Assurance Framework

Standards, Security & Privacy Compliance

SevisPNG implements international standards for digital identity, biometric assurance, cybersecurity, and data governance. Our technical framework ensures interoperability, security, and privacy across the ecosystem.

Digital Identity & Interoperability

Open standards ensuring credentials work across borders and systems.

IETF SD-JWT

Selective disclosure JSON Web Tokens enabling privacy-preserving credential presentation.

W3C Verifiable Credentials v2.0

Data model for expressing cryptographically verifiable credentials.

ISO/IEC 23220-2 & 23220-4

Mobile driving licence and identity document interfaces.

OIDC4VCI & OIDC4VP

OpenID Connect protocols for Verifiable Credential Issuance and Presentation.

DIDComm v2

Secure, privacy-preserving peer-to-peer messaging protocol.

eIDAS Alignment

European electronic identification standards for cross-border interoperability.

Biometric Assurance

International standards for biometric capture, storage, and matching.

ISO/IEC 19794-4

Biometric data interchange formats for fingerprint minutiae data.

ISO/IEC 19794-5

Biometric data interchange formats for facial image data.

ISO/IEC 30107-3

Presentation attack detection (liveness detection) testing and reporting.

ISO/IEC 30136

Performance testing of biometric template protection schemes.

ISO/IEC 19795-2 (MINEX III)

Minutiae interoperability exchange test compliance.

Cybersecurity & Cryptographic Trust

Defense-in-depth security with HSM-backed key management.

Key Management

  • Two-tier architecture: HSM for root keys, KMS for operational keys
  • FIPS 140-3 Level 3 certified Hardware Security Modules
  • ISO 19790 compliance for cryptographic module security

Authentication Protocols

  • SAML 2.0 for federated identity
  • OAuth 2.0 for authorization
  • RFC 6238 (TOTP) for multi-factor authentication

Encryption

  • TLS 1.3 for transport security
  • AES-256-GCM for data at rest
  • ECDSA P-256 / Ed25519 for digital signatures

Privacy & Data Governance

Frameworks ensuring lawful, transparent, and citizen-controlled data processing.

ISO/IEC 29115

Entity authentication assurance framework defining four levels of identity assurance.

ISO/IEC 24760

Framework for identity management covering the full identity lifecycle.

GDPR Alignment

EU General Data Protection Regulation principles for lawful data processing.

CCPA Alignment

California Consumer Privacy Act provisions for consumer data rights.

Accessibility

SevisPNG is committed to inclusive digital services accessible to all citizens, regardless of ability.

WCAG 2.1 Compliance

  • Perceivable: Text alternatives, captions, adaptable content
  • Operable: Keyboard navigation, sufficient time, seizure-safe design
  • Understandable: Readable, predictable, input assistance
  • Robust: Compatible with assistive technologies

Inclusive by Design

Multiple access channels—smartphone app and registered agents—ensure every citizen can participate regardless of device or connectivity.

Trust Governance

Decentralized trust architecture aligned with international frameworks.

Trust Over IP (ToIP) Alignment

Four-layer model for decentralized digital trust: utilities, providers, credentials, and applications.

  • Layer 1: Decentralized identifier utilities
  • Layer 2: DIDComm peer-to-peer agents
  • Layer 3: Verifiable credential exchange
  • Layer 4: Application ecosystem governance

Technical Trust Registry

Authoritative registry of trusted ecosystem participants.

  • Registered credential issuers
  • Approved credential schemas
  • Authorized verifier organizations
  • Root of trust certificate hierarchy

Questions About Compliance?

Contact DICT for detailed technical specifications, compliance requirements, or to request assurance documentation.

Governance FrameworkContact DICT