NIEF Simple Authenticator Assurance Profile for Data Categories with MODERATE Risk Impact, v1.0
NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 2 (AAL2) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
Identifier |
https://trustmark.nief.org/tpat/tips/nief-simple-authenticator-assurance-profile-for-data-categories-with-moderate-risk-impact/1.0/
|
Publication Date |
2021-08-28 |
Issuing Organization |
|
Keywords |
NIEF,
Authenticator Assurance,
AAL2,
MODERATE
|
Legal Notice |
This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
|
Loading...
Trust Expression:
TIP_ref8 and TIP_ref9 and TIP_ref10 and TIP_ref11 and TD_ref1 and (TD_ref2.fips_level >= 1 or TD_ref3) and TD_ref4 and (TD_ref5.max_session_duration_seconds <= 43200) and (TD_ref6.inactivity_timeout_seconds <= 1800) and TD_ref7
References (11)
TIP
NIST SP 800-63B AAL2 Permitted Authenticators, v1.0
|
Description |
Profile of requirements related to permitted authenticator types that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, at Authenticator Assurance Level 2 (AAL2). |
ID |
TIP_ref8 |
TIP
NIST SP 800-63B AAL2 General Authenticator Requirements, v1.0
|
Description |
Profile of general authenticator requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, at Authenticator Assurance Level 2 (AAL2). |
ID |
TIP_ref9 |
TIP
NIST SP 800-63B Authenticator Lifecycle Management, v1.0
|
Description |
Profile of authenticator lifecycle management requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. |
ID |
TIP_ref10 |
TIP
NIST SP 800-63B Session Management, v1.0
|
Description |
Profile of session management requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. |
ID |
TIP_ref11 |
TD
CSP Compliance with Applicable Records Retention Policies, v1.0
|
Description |
Credential Service Providers (CSPs) must comply with records retention policies as appropriate for the organization, including adhering to applicable laws, regulations, and policies. CSPs must also inform their subscribers of their records retention policy. |
ID |
TD_ref4 |
Provider Reference |
|
Sources (2)
NIEF |
National Identity Exchange Federation |
NIST SP 800-63B |
NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. June 2017. Available at https://doi.org/10.6028/NIST.SP.800-63b. |
Loading…