NIEF TPAT | TIP: NIEF Simple Identity Assurance Profile for Access to Substance Control Data

NIEF Simple Identity Assurance Profile for Access to Substance Control Data, v1.0

Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Substance Control information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.6. Substance control supports activities associated with the enforcement of legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities. Systems that handle Substance Control information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.

Identifier

https://trustmark.nief.org/tpat/tips/nief-simple-identity-assurance-profile-for-access-to-substance-control-data/1.0/

Publication Date

2021-08-28

Issuing Organization

NIEF (https://nief.org/) View Contact

NIEF Support

help@nief.org

No telephone

No Mailing Address

Keywords

Security, NIEF, Substance Control

Legal Notice

This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TIP_NIEFSimpleIdentityAssuranceProfileforDataCategorieswithMODERATERiskImpact

References (1)

TIP NIEF Simple Identity Assurance Profile for Data Categories with MODERATE Risk Impact, v1.0
Description	NIEF identity assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is MODERATE. Derived from NIST Special Publication 800-63A Identity Assurance Level 2 (IAL2) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
ID	TIP_NIEFSimpleIdentityAssuranceProfileforDataCategorieswithMODERATERiskImpact

Sources (4)

NIEF	National Identity Exchange Federation
NIST SP 800-63A	NIST Special Publication 800-63A, Digital Identity Guidelines: Enrollment and Identity Proofing Requirements. June 2017. Available at https://doi.org/10.6028/NIST.SP.800-63a.
SP800-60V1R1	NIST Special Publication 800-60 Volume I, Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, National Institute of Standards and Technology, August 2008. Available at https://doi.org/10.6028/NIST.SP.800-60v1r1.
SP800-60V2R1	NIST Special Publication 800-60 Volume II, Revision 1, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, National Institute of Standards and Technology, August 2008. Available at https://doi.org/10.6028/NIST.SP.800-60v2r1.

Also available as XML or JSON