NIEF TPAT | TIP: NIEF Simple Authenticator Assurance Profile for Data Categories with LOW Risk Impact

NIEF Simple Authenticator Assurance Profile for Data Categories with LOW Risk Impact, v1.0

NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 1 (AAL1) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.

Identifier

https://trustmark.nief.org/tpat/tips/nief-simple-authenticator-assurance-profile-for-data-categories-with-low-risk-impact/1.0/

Publication Date

2021-08-28

Issuing Organization

NIEF (https://nief.org/) View Contact

NIEF Support

help@nief.org

No telephone

No Mailing Address

Keywords

NIEF, Authenticator Assurance, AAL1, LOW

Legal Notice

This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TIP_ref5 and TIP_ref6 and TIP_ref7 and TIP_ref8 and TD_ref1 and (TD_ref2.fips_level >= 1 or TD_ref3) and TD_ref4

References (8)

TIP NIST SP 800-63B AAL1 Permitted Authenticators, v1.0
Description	Profile of requirements related to permitted authenticator types that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, at Authenticator Assurance Level 1 (AAL1).
ID	TIP_ref5

TIP NIST SP 800-63B AAL1 General Authenticator Requirements, v1.0
Description	Profile of general authenticator requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, at Authenticator Assurance Level 1 (AAL1).
ID	TIP_ref6

TIP NIST SP 800-63B Authenticator Lifecycle Management, v1.0
Description	Profile of authenticator lifecycle management requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management.
ID	TIP_ref7

TIP NIST SP 800-63B Session Management, v1.0
Description	Profile of session management requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management.
ID	TIP_ref8

TD Authentication - Use of Authenticated Protected Channel between Claimant and Verifier, v1.0
Description	All communications during authentication between the claimant and verifier must use authenticated and protected channels.
ID	TD_ref1
Provider Reference

TD FIPS 140 Cryptographic Verifier Validation for Overall Security, v1.0
Description	Approved cryptography verifiers must be used to ensure overall system security. Systems should be validated for FIPS 140 compliance level.
ID	TD_ref2
Provider Reference

TD Bona Fide Non-US Federal Government Agency or Organization, v1.0
Description	Used to demonstrate that an agency or organization is NOT part of the United States federal government, and therefore is not subject to certain rules and regulations that pertain to U.S. federal agencies.
ID	TD_ref3
Provider Reference

TD CSP Compliance with Applicable Records Retention Policies, v1.0
Description	Credential Service Providers (CSPs) must comply with records retention policies as appropriate for the organization, including adhering to applicable laws, regulations, and policies. CSPs must also inform their subscribers of their records retention policy.
ID	TD_ref4
Provider Reference

Sources (2)

NIEF	National Identity Exchange Federation
NIST SP 800-63B	NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. June 2017. Available at https://doi.org/10.6028/NIST.SP.800-63b.

Also available as XML or JSON