NIEF Background Check Status Indicator Attribute, v1.0
Specifies requirements for Identity Provider Organizations (IDPOs) that wish to assert the National Identity Exchange Federation (NIEF) Background Check Status Indicator attribute on behalf of their users.
Assessment Steps (3)
Does the organization correctly assert the Background Check Status attribute in accordance with the established attribute format rules for the Federated ICAM protocol(s) and conformance or interoperability profile(s) that it uses? Also, does the asserted attribute name align with the attribute definition provided in the NIEF Attribute Registry? See https://nief.org/attribute-registry/attributes/user/nief/BackgroundCheckStatusIndicator/1.0/.
Provide a sample of a technical protocol assertion (e.g., JSON, XML, SAML, OIDC, etc.) correctly using this attribute.
Does the organization perform a thorough criminal background check including fingerprint checks against state and national databases and verifies that there are no adverse results found?
Background Check Information
Provide details on how the organization handles background checks.
Does the organization have a remediation process for handling cases where a user's background check fails, but they are still a candidate for employment? Verify that such users will not assert BackgroundCheckPassed. (ie. Unless the RP thoroughly reviews and accepts the remediation process of a given IDP, it should not be assumed that the remediation process of the IDP is sufficient for all RPs)
Document/upload the policy/process the organization uses for remediating failed background checks.
Conformance Criteria (1)
When asserting the Background Check Status attribute on behalf of a user, an IDPO or APO shall assert the attribute name correctly, in accordance with the attribute definition as stipulated at https://nief.org/attribute-registry/attributes/user/nief/BackgroundCheckStatusIndicator/1.0/. In addition, an IDPO or APO shall assert a Background Check Status Indicator attribute value of 'true' for a user only if the user has passed a thorough criminal background check.