Trust Interoperability Profile Name | Version |
---|---|
Profile for proper assertion of all NIEF Highly Recommended Attributes as defined by the NIEF Attribute Registry. See https://nief.org/attribute-registry/bundles/NIEF-Highly-Recommended/.
|
2.0 |
Profile of ICAM privacy requirements from the NIEF Privacy Policy, version 2.0 that apply to Identity Provider Organizations (IDPOs).
|
1.0 |
Profile of ICAM privacy requirements from the NIEF Privacy Policy, version 2.0 that apply to Service Provider Organizations (SPOs).
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Border and Transportation Security information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.1. Border and Transportation Security includes facilitating or deterring entry and exit of people, goods, and conveyances at and between U.S. ports of entry, as well as ensuring the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States. Border control involves enforcing the laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. This includes patrolling and monitoring borders and deportation of illegal aliens. Some border control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information). In such cases, the impact levels of the associated mission information may determine impact levels associated with border control information. Some aspects of ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States are also covered under the information types associated with the transportation mission. In some cases the border control information may be classified. Any classified information is treated under separate rules established for national security information. Systems that handle Border and Transportation Security information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Citizen Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.3. Citizen protection involves all activities performed to protect the general population of the United States from criminal activity. Systems that handle Citizen Protection information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Crime Prevention information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.7. Crime prevention entails all efforts designed to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime. Systems that handle Crime Prevention information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Criminal Apprehension information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.1. Criminal apprehension supports activities associated with the tracking and capture of groups or individuals believed to be responsible for committing Federal crimes. Systems that handle Criminal Apprehension information should operate at an impact level of LOW confidentiality, LOW integrity, and MODERATE availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Criminal Incarceration information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.18.1. Criminal incarceration includes activities associated with the housing, custody and general care of criminals sentenced to serve time in penitentiaries. Systems that handle Criminal Incarceration information should operate at an impact level of LOW confidentiality, MODERATE integrity, and LOW availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Criminal Investigation and Surveillance information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.2. Criminal investigation and surveillance includes the collection of evidence required to determine responsibility for a crime and the monitoring and questioning of affected parties. Systems that handle Criminal Investigation and Surveillance information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Criminal Rehabilitation information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.18.2. Criminal Rehabilitation includes all government activities devoted to providing convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members. Systems that handle Criminal Rehabilitation information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Emergency Response information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.4.4. Emergency Response involves the immediate actions taken to respond to a disaster (e.g., wildfire management). These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. Impacts to emergency response information and the information systems that process and store emergency response information could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions. Systems that handle Emergency Response information should operate at an impact level of LOW confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Key Asset and Critical Infrastructure Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.2. Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline. Systems that handle Key Asset and Critical Infrastructure Protection information should operate at an impact level of HIGH confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Leadership Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.4. Leadership protection involves all activities performed to protect the health and well being of the president, vice-president, their families, and other high-level government officials. Some leadership protection information may be classified. All classified information is treated under separate rules established for national security information and is outside the scope of this guideline. Systems that handle Leadership Protection information should operate at an impact level of MODERATE confidentiality, LOW integrity, and LOW availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Property Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.5. Property protection entails all activities performed to ensure the security of civilian and government property. Systems that handle Property Protection information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Substance Control information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.6. Substance control supports activities associated with the enforcement of legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities. Systems that handle Substance Control information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that handle the Trade Law Enforcement information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.8. Trade law enforcement refers to the enforcement of anti-boycott, international loan, and general trade laws. Systems that handle Trade Law Enforcement information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-HIGH-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, HIGH integrity, and HIGH availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-HIGH-LOW impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, HIGH integrity, and LOW availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-HIGH-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, HIGH integrity, and MODERATE availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-LOW-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, LOW integrity, and HIGH availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-LOW-LOW impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, LOW integrity, and LOW availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-LOW-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, LOW integrity, and MODERATE availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-MODERATE-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, MODERATE integrity, and HIGH availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-MODERATE-LOW impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, MODERATE integrity, and LOW availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
Ideal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a HIGH-MODERATE-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at HIGH confidentiality, MODERATE integrity, and MODERATE availability. Includes all applicable security controls from NIST SP 800-53 r4, regardless of Priority level. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |