NIEF Simple Authenticator Assurance Profile for Access to Key Asset and Critical Infrastructure Protection Data, v1.0

Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Key Asset and Critical Infrastructure Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.2. Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline. Systems that handle Key Asset and Critical Infrastructure Protection information should operate at an impact level of HIGH confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
Identifier https://trustmark.nief.org/tpat/tips/nief-simple-authenticator-assurance-profile-for-access-to-key-asset-and-critical-infrastructure-protection-data/1.0/
Publication Date 2021-08-28
Issuing Organization
NIEF Support help@nief.org No telephone No Mailing Address
Keywords Security, NIEF, Key Asset and Critical Infrastructure Protection
Legal Notice This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Loading...

Trust Expression:

TIP_NIEFSimpleAuthenticatorAssuranceProfileforDataCategorieswithHIGHRiskImpact

References (1)

 TIP  NIEF Simple Authenticator Assurance Profile for Data Categories with HIGH Risk Impact, v1.0
Description NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 3 (AAL3) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
ID TIP_NIEFSimpleAuthenticatorAssuranceProfileforDataCategorieswithHIGHRiskImpact

Sources (4)

NIEF National Identity Exchange Federation
NIST SP 800-63B NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. June 2017. Available at https://doi.org/10.6028/NIST.SP.800-63b.
SP800-60V1R1 NIST Special Publication 800-60 Volume I, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, National Institute of Standards and Technology, August 2008. Available at https://doi.org/10.6028/NIST.SP.800-60v1r1.
SP800-60V2R1 NIST Special Publication 800-60 Volume II, Revision 1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, National Institute of Standards and Technology, August 2008. Available at https://doi.org/10.6028/NIST.SP.800-60v2r1.
Also available as XML or JSON