NIEF 28 CFR Certification Indicator Attribute, v1.0
Specifies requirements for Identity Provider Organizations (IDPOs) that wish to assert the National Identity Exchange Federation (NIEF) 28 CFR Certification Indicator attribute on behalf of their users.
Assessment Steps (2)
Does the organization correctly assert the 28 CFR Certification Indicator attribute in accordance with the established attribute format rules for the Federated ICAM protocol(s) and conformance or interoperability profile(s) that it uses? Also, does the asserted attribute name align with the attribute definition provided in the NIEF Attribute Registry? See https://nief.org/attribute-registry/attributes/user/gfipm/28CFRCertificationIndicator/2.0/.
Provide a sample of a technical protocol assertion (e.g., JSON, XML, SAML, OIDC, etc.) correctly using this attribute.
Does the organization assert the 28 CFR certification attribute appropriately? Provide details on how the organization asserts this attribute in a manner that aligns with the requirements as per the attribute's definition.
28 CFR Certification
Provide details on how users undergo 28 CFR training. If they take an online course, please provide details on how the results of this testing are tabulated and recorded. Or if the attribute is sourced directly from a training agency, clearly specify that fact.
Conformance Criteria (1)
When asserting the 28 CFR Certification Indicator attribute on behalf of a user, an IDPO or APO shall assert the attribute name correctly, in accordance with the attribute definition as stipulated at https://nief.org/attribute-registry/attributes/user/gfipm/28CFRCertificationIndicator/2.0/. In addition, an IDPO or APO shall assert a 28 CFR Certification Indicator attribute value of 'true' for a user only if the user has been trained and certified in the handling of criminal intelligence data in accordance with Code of Federal Regulations, Title 28 (28 CFR), Part 23. One way for a user to meet this requirement is by having taken and passed the online 28 CFR Part 23 training course and certification exam offered by the U.S. Department of Justice Bureau of Justice Assistance (BJA) via its Secured National Criminal Intelligence Resource Center (NCIRC) Web Site (http://www.ncirc.gov/securedwebsite.cfm). Alternatively, a user may meet this requirement by having taken and passed an equivalent offline 28 CFR Part 23 training course, offered by the Institute for Intergovernmental Research (IIR). (See https://28cfr.iir.com/ for details.)