Appendix II: Vendor Evaluation of Supplemental Considerations

For more information on each item, please see Supplemental Considerations.

Note: as none of the evaluated vendors are under a recognized socioeconomic program or status, that information isn’t duplicated in the chart below. For some of the vendors, the answer is “unknown,” and we continue working to try to find that information.

Notable commercial customers

Notable government customers

Relevant certifications

Schedule information

Alloy

Austin Capital Bank, Langley Federal Credit Union, Radius Bank

Unknown

Unknown

Unknown

Cognito

Brex, Nextdoor, Coinbase, BBVA

None

SOC2 Type 2 Compliance

No

Ekata

Lyft, Alaska Airlines

None

SOC2 Type 2 Compliance

No

Experian

NASWA Integrity Data Hub

Healthcare.gov, IRS, Michigan's MyLogin, 5-6 state UI agencies

NIST 800-63-3 IAL2 (for their full ID proofing product)

GSA (GS-35F-188AA) & NASPO

ID.me

LinkedIn, Lenovo

Vets.gov, 22 state UI agencies

NIST 800-63-3 IAL2/AAL2; in process of FedRamp authorization

Have a growing government business line, but do not promote availability on any found schedule

Idemia

n/a

TSA, USPS, US Dept. of State, 37 state DMVs, 1 state UI agency (Okla.)

-In process for NIST IAL2

-IEC CD 18013-5 Compliance

GSA

IDology

Unknown

Unknown

Unknown

Unknown

SentiLink

Several of the largest banks, credit card issuers, credit unions, and auto lenders

With at least one state’s PPP

SOC2 Type 2 Compliance, PCI Compl., EI3PA Compl.

Unknown

Socure

Seven of the nine largest U.S. banks, six of the top 10 U.S. card issuers, Chime, SoFi

Unknown

-In processes for FedRamp authorization & NIST IAL2

-SOC2 Type 2 Compliance - ISO 27001/ 27017/27018

Available on AWS Marketplace, so it may be simple to procure via an existing AWS contract