| Trust Interoperability Profile Name | Version |
|---|---|
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a LOW-MODERATE-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at LOW confidentiality, MODERATE integrity, and MODERATE availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-HIGH-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, HIGH integrity, and HIGH availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-HIGH-LOW impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, HIGH integrity, and LOW availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-HIGH-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, HIGH integrity, and MODERATE availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-LOW-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, LOW integrity, and HIGH availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-LOW-LOW impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, LOW integrity, and LOW availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-LOW-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, LOW integrity, and MODERATE availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-MODERATE-HIGH impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, MODERATE integrity, and HIGH availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-MODERATE-LOW impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, MODERATE integrity, and LOW availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Minimal profile of security controls from NIST Special Publication 800-53 r4 for systems that need to operate at a MODERATE-MODERATE-MODERATE impact level, as recommended by NIEF. Pertains to systems that operate at MODERATE confidentiality, MODERATE integrity, and MODERATE availability. Includes only those applicable security controls from NIST SP 800-53 r4 that have been marked by NIST as Priority P1. Incorporates security control downgrading guidance, as appropriate, based on recommendations on page 35 of NIST SP 800-53 r4.
|
1.0 |
|
Profile of minimum protocol-level interoperability, attribute, and security requirements for NIEF OpenID Connect OpenID Providers.
|
1.0 |
|
Profile of minimum protocol-level interoperability, attribute, and security requirements for NIEF OpenID Connect Relying Parties.
|
1.0 |
|
Profile for proper assertion of all NIEF Recommended Attributes as defined by the NIEF Attribute Registry. See https://nief.org/attribute-registry/bundles/NIEF-Recommended/.
|
1.0 |
|
Profile for proper assertion of all NIEF Recommended Attributes as defined by the NIEF Attribute Registry. See https://nief.org/attribute-registry/bundles/NIEF-Recommended/.
|
2.0 |
|
Profile of minimum protocol-level interoperability, attribute, and security requirements for NIEF SAML Identity Providers.
|
1.0 |
|
Profile of minimum protocol-level interoperability, attribute, and security requirements for NIEF SAML Service Providers.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Border and Transportation Security information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.1. Border and Transportation Security includes facilitating or deterring entry and exit of people, goods, and conveyances at and between U.S. ports of entry, as well as ensuring the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States. Border control involves enforcing the laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. This includes patrolling and monitoring borders and deportation of illegal aliens. Some border control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information). In such cases, the impact levels of the associated mission information may determine impact levels associated with border control information. Some aspects of ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States are also covered under the information types associated with the transportation mission. In some cases the border control information may be classified. Any classified information is treated under separate rules established for national security information. Systems that handle Border and Transportation Security information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Citizen Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.3. Citizen protection involves all activities performed to protect the general population of the United States from criminal activity. Systems that handle Citizen Protection information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Crime Prevention information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.7. Crime prevention entails all efforts designed to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime. Systems that handle Crime Prevention information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Criminal Apprehension information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.1. Criminal apprehension supports activities associated with the tracking and capture of groups or individuals believed to be responsible for committing Federal crimes. Systems that handle Criminal Apprehension information should operate at an impact level of LOW confidentiality, LOW integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Criminal Incarceration information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.18.1. Criminal incarceration includes activities associated with the housing, custody and general care of criminals sentenced to serve time in penitentiaries. Systems that handle Criminal Incarceration information should operate at an impact level of LOW confidentiality, MODERATE integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Criminal Investigation and Surveillance information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.2. Criminal investigation and surveillance includes the collection of evidence required to determine responsibility for a crime and the monitoring and questioning of affected parties. Systems that handle Criminal Investigation and Surveillance information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Criminal Rehabilitation information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.18.2. Criminal Rehabilitation includes all government activities devoted to providing convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members. Systems that handle Criminal Rehabilitation information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Emergency Response information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.4.4. Emergency Response involves the immediate actions taken to respond to a disaster (e.g., wildfire management). These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. Impacts to emergency response information and the information systems that process and store emergency response information could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions. Systems that handle Emergency Response information should operate at an impact level of LOW confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Key Asset and Critical Infrastructure Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.2. Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline. Systems that handle Key Asset and Critical Infrastructure Protection information should operate at an impact level of HIGH confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
