ICAM Privacy - Adequate Notice of Federated Authentication, v1.0

Defines privacy requirements related to adequate notice to end-users for federated authentication events.

Assessment Step

1
ICAM Privacy - Adequate Notice of Federated Authentication (ICAMPrivacy-AdequateNoticeofFederatedAuthentication)
Does the organization provide local End Users with adequate notice regarding federated authentication? Note that "Adequate Notice" includes a general description of the authentication event, any transaction(s) with the relying party system(s), the purpose of the transaction(s), and a description of any disclosure or transmission of personally identifiable information (PII) to any party.
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.

Conformance Criteria (1)

C1
An organization MUST provide local End Users with adequate notice regarding federated authentication. "Adequate Notice" includes a general description of the authentication event, any transaction(s) with the relying party system(s), the purpose of the transaction(s), and a description of any disclosure or transmission of personally identifiable information (PII) to any party.
Citation
NIEFPP
Section 4: NIEF Privacy Policy Rules, Item 4: Adequate Notice of Federated Authentication