NIEF TPAT | TD: NIEF 28 CFR Certification Indicator Attribute

NIEF 28 CFR Certification Indicator Attribute, v1.0

Specifies requirements for Identity Provider Organizations (IDPOs) that wish to assert the National Identity Exchange Federation (NIEF) 28 CFR Certification Indicator attribute on behalf of their users.

Assessment Steps (2)

1 Usage (Usage) Does the organization correctly assert the 28 CFR Certification Indicator attribute in accordance with the established attribute format rules for the Federated ICAM protocol(s) and conformance or interoperability profile(s) that it uses? Also, does the asserted attribute name align with the attribute definition provided in the NIEF Attribute Registry? See https://nief.org/attribute-registry/attributes/user/gfipm/28CFRCertificationIndicator/2.0/. Artifact Sample Provide a sample of a technical protocol assertion (e.g., JSON, XML, SAML, OIDC, etc.) correctly using this attribute.
2 Provenance (Provenance) Does the organization assert the 28 CFR certification attribute appropriately? Provide details on how the organization asserts this attribute in a manner that aligns with the requirements as per the attribute's definition. Artifact 28 CFR Certification Provide details on how users undergo 28 CFR training. If they take an online course, please provide details on how the results of this testing are tabulated and recorded. Or if the attribute is sourced directly from a training agency, clearly specify that fact.

Conformance Criteria (1)

Attribute Validity When asserting the 28 CFR Certification Indicator attribute on behalf of a user, an IDPO or APO shall assert the attribute name correctly, in accordance with the attribute definition as stipulated at https://nief.org/attribute-registry/attributes/user/gfipm/28CFRCertificationIndicator/2.0/. In addition, an IDPO or APO shall assert a 28 CFR Certification Indicator attribute value of 'true' for a user only if the user has been trained and certified in the handling of criminal intelligence data in accordance with Code of Federal Regulations, Title 28 (28 CFR), Part 23. One way for a user to meet this requirement is by having taken and passed the online 28 CFR Part 23 training course and certification exam offered by the U.S. Department of Justice Bureau of Justice Assistance (BJA) via its Secured National Criminal Intelligence Resource Center (NCIRC) Web Site (http://www.ncirc.gov/securedwebsite.cfm). Alternatively, a user may meet this requirement by having taken and passed an equivalent offline 28 CFR Part 23 training course, offered by the Institute for Intergovernmental Research (IIR). (See https://28cfr.iir.com/ for details.)

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://trustmark.nief.org/tpat/tds/nief-28-cfr-certification-indicator-attribute/1.0/

Publication Date

2017-11-21

Issuing Organization

NIEF (https://nief.org/) View Contact

NIEF Support

help@nief.org

No telephone

No Mailing Address

Keywords

NIEF, National Identity Exchange Federation, Attributes, NIEF Attributes, Identity Provider Organization, IDPO, Attribute Provenance, Attribute Provider Organization, APO, Interoperability

Issuance Criteria

yes(ALL)

Target Stakeholder

Identity Provider Organizations (IDPOs) and Attribute Provider Organizations (APOs) within the NIEF community, as well as Federated ICAM Relying Parties that require assurances about the quality of attributes asserted by NIEF IDPOs and APOs.

Target Recipient

Identity Provider Organizations (IDPOs) and Attribute Provider Organizations (APOs) that intend to assert Federated ICAM attributes in a manner that conforms to the attribute assertion requirements stipulated by NIEF.

Target Relying Party

Federated ICAM Relying Parties that require assurances about the quality of attributes asserted by NIEF IDPOs and APOs.

Target Provider

Trustmark Providers that are capable of issuing Federated ICAM interoperability trustmarks. Note that the Trustmark Provider must have a access to a fully functional Federated ICAM test federation to perform the necessary assessment steps for this trustmark.

Provider Eligibility Criteria

Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.

Assessor Qualifications

Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.

Trustmark Revocation Criteria

For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied, unless the trustmark contains appropriate documentation of that condition in accordance with the exception reporting requirements specified by the Trustmark Framework Technical Specification.

Extension Description

This Trustmark Definition requires no extension data.

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Terms (5)

Term Name	Abbreviations	Definition
Global Federated Identity and Privilege Management	GFIPM	An applied research program in federated identity and credential management that was initiated in 2005 as part of the Global Justice Information Sharing Initiative. The GFIPM program sought to develop secure, scalable, and cost-effective technologies for information sharing within the law enforcement and criminal justice communities.
Identity Provider	IDP	A software entity that performs user authentication each time an individual presents themselves to a federated identity trust framework or issues user assertions about the individual for a given information technology session. These user assertions are presented to systems deployed by Service Provider Organizations (SPOs) in a federated identity trust framework for the purposes of access control and audit.
Identity Provider Organization	IDPO	An organization that vets individuals, collects attributes about these individuals, and maintains those attributes in an accurate manner. The IDPO may operate one or more Identity Provider (IDP) systems in a federated identity trust framework.
National Identity Exchange Federation	NIEF	A collection of agencies in the U.S. that have come together to share sensitive law enforcement information.
NIEF Attribute Registry		A collection of attribute definitions that are intended for use by organizations and communities that wish to implement Federated Identity, Credential, and Access Management (ICAM) technologies within the context of the National Identity Exchange Federation (NIEF).

Also available as XML or JSON