NIEF Simple Authenticator Assurance Profile for Data Categories with MODERATE Risk Impact, v1.0

NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 2 (AAL2) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
Identifier https://trustmark.nief.org/tpat/tips/nief-simple-authenticator-assurance-profile-for-data-categories-with-moderate-risk-impact/1.0/
Publication Date 2021-08-28
Issuing Organization
NIEF Support help@nief.org No telephone No Mailing Address
Keywords NIEF, Authenticator Assurance, AAL2, MODERATE
Legal Notice This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Loading...

Trust Expression:

TIP_ref8 and TIP_ref9 and TIP_ref10 and TIP_ref11 and TD_ref1 and (TD_ref2.fips_level >= 1 or TD_ref3) and TD_ref4 and (TD_ref5.max_session_duration_seconds <= 43200) and (TD_ref6.inactivity_timeout_seconds <= 1800) and TD_ref7

References (11)

 TIP  NIST SP 800-63B AAL2 Permitted Authenticators, v1.0
Description Profile of requirements related to permitted authenticator types that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, at Authenticator Assurance Level 2 (AAL2).
ID TIP_ref8
 TIP  NIST SP 800-63B AAL2 General Authenticator Requirements, v1.0
Description Profile of general authenticator requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management, at Authenticator Assurance Level 2 (AAL2).
ID TIP_ref9
 TIP  NIST SP 800-63B Authenticator Lifecycle Management, v1.0
Description Profile of authenticator lifecycle management requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management.
ID TIP_ref10
 TIP  NIST SP 800-63B Session Management, v1.0
Description Profile of session management requirements that a Credential Service Provider (CSP) must satisfy to comply with NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management.
ID TIP_ref11
 TD  Authentication - Use of Authenticated Protected Channel between Claimant and Verifier, v1.0
Description All communications during authentication between the claimant and verifier must use authenticated and protected channels.
ID TD_ref1
Provider Reference
 TD  FIPS 140 Cryptographic Verifier Validation for Overall Security, v1.0
Description Approved cryptography verifiers must be used to ensure overall system security. Systems should be validated for FIPS 140 compliance level.
ID TD_ref2
Provider Reference
 TD  Bona Fide Non-US Federal Government Agency or Organization, v1.0
Description Used to demonstrate that an agency or organization is NOT part of the United States federal government, and therefore is not subject to certain rules and regulations that pertain to U.S. federal agencies.
ID TD_ref3
Provider Reference
 TD  CSP Compliance with Applicable Records Retention Policies, v1.0
Description Credential Service Providers (CSPs) must comply with records retention policies as appropriate for the organization, including adhering to applicable laws, regulations, and policies. CSPs must also inform their subscribers of their records retention policy.
ID TD_ref4
Provider Reference
 TD  Authentication - Enforcement of an Acceptable Maximum Session Duration, v1.0
Description All sessions must have a maximum acceptable duration that must be enforced to qualify for AAL1, AAL2, or AAL3.
ID TD_ref5
Provider Reference
 TD  Authentication - Enforcement of Periodic Subscriber Reauthentication, v1.0
Description Subscribers must reauthenticate after periods of inactivity according to the AAL being operated at.
ID TD_ref6
Provider Reference
 TD  Authentication - No Allowance of Unlocking a Mobile Device as a Valid Authentication Factor, v1.0
Description Unlocking a smart phone device must not be considered an authentication factor, as a verifier cannot verify this was done.
ID TD_ref7
Provider Reference

Sources (2)

NIEF National Identity Exchange Federation
NIST SP 800-63B NIST Special Publication 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. June 2017. Available at https://doi.org/10.6028/NIST.SP.800-63b.
Also available as XML or JSON