ICAM Privacy - Adequate Notice of Federated Authentication, v1.0
Defines privacy requirements related to adequate notice to end-users for federated authentication events.
Assessment Step
1
ICAM Privacy - Adequate Notice of Federated Authentication (ICAMPrivacy-AdequateNoticeofFederatedAuthentication)
Does the organization provide local End Users with adequate notice regarding federated authentication? Note that "Adequate Notice" includes a general description of the authentication event, any transaction(s) with the relying party system(s), the purpose of the transaction(s), and a description of any disclosure or transmission of personally identifiable information (PII) to any party.
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
|
Conformance Criteria (1)
C1
An organization MUST provide local End Users with adequate notice regarding federated authentication. "Adequate Notice" includes a general description of the authentication event, any transaction(s) with the relying party system(s), the purpose of the transaction(s), and a description of any disclosure or transmission of personally identifiable information (PII) to any party.
Citation
NIEFPP
Section 4: NIEF Privacy Policy Rules, Item 4: Adequate Notice of Federated Authentication
|