| Trust Interoperability Profile Name | Version |
|---|---|
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Leadership Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.4. Leadership protection involves all activities performed to protect the health and well being of the president, vice-president, their families, and other high-level government officials. Some leadership protection information may be classified. All classified information is treated under separate rules established for national security information and is outside the scope of this guideline. Systems that handle Leadership Protection information should operate at an impact level of MODERATE confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Property Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.5. Property protection entails all activities performed to ensure the security of civilian and government property. Systems that handle Property Protection information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Substance Control information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.6. Substance control supports activities associated with the enforcement of legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities. Systems that handle Substance Control information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of authenticator assurance requirements from NIST Special Publication 800-63B for systems that handle the Trade Law Enforcement information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.8. Trade law enforcement refers to the enforcement of anti-boycott, international loan, and general trade laws. Systems that handle Trade Law Enforcement information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63B authenticator assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 3 (AAL3) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 1 (AAL1) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF authenticator assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63B Authenticator Assurance Level 2 (AAL2) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF federation assurance profile for identity provider (IDP) systems. Derived from NIST Special Publication 800-63C requirements, excluding security controls. Intended for use in conjunction with appropriate NIEF profiles for security controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Border and Transportation Security information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.1. Border and Transportation Security includes facilitating or deterring entry and exit of people, goods, and conveyances at and between U.S. ports of entry, as well as ensuring the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States. Border control involves enforcing the laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. This includes patrolling and monitoring borders and deportation of illegal aliens. Some border control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information). In such cases, the impact levels of the associated mission information may determine impact levels associated with border control information. Some aspects of ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States are also covered under the information types associated with the transportation mission. In some cases the border control information may be classified. Any classified information is treated under separate rules established for national security information. Systems that handle Border and Transportation Security information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Citizen Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.3. Citizen protection involves all activities performed to protect the general population of the United States from criminal activity. Systems that handle Citizen Protection information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Crime Prevention information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.7. Crime prevention entails all efforts designed to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime. Systems that handle Crime Prevention information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Criminal Apprehension information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.1. Criminal apprehension supports activities associated with the tracking and capture of groups or individuals believed to be responsible for committing Federal crimes. Systems that handle Criminal Apprehension information should operate at an impact level of LOW confidentiality, LOW integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Criminal Incarceration information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.18.1. Criminal incarceration includes activities associated with the housing, custody and general care of criminals sentenced to serve time in penitentiaries. Systems that handle Criminal Incarceration information should operate at an impact level of LOW confidentiality, MODERATE integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Criminal Investigation and Surveillance information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.2. Criminal investigation and surveillance includes the collection of evidence required to determine responsibility for a crime and the monitoring and questioning of affected parties. Systems that handle Criminal Investigation and Surveillance information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Criminal Rehabilitation information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.18.2. Criminal Rehabilitation includes all government activities devoted to providing convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members. Systems that handle Criminal Rehabilitation information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Emergency Response information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.4.4. Emergency Response involves the immediate actions taken to respond to a disaster (e.g., wildfire management). These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. Impacts to emergency response information and the information systems that process and store emergency response information could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions. Systems that handle Emergency Response information should operate at an impact level of LOW confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Key Asset and Critical Infrastructure Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.2.2. Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline. Systems that handle Key Asset and Critical Infrastructure Protection information should operate at an impact level of HIGH confidentiality, HIGH integrity, and HIGH availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Leadership Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.4. Leadership protection involves all activities performed to protect the health and well being of the president, vice-president, their families, and other high-level government officials. Some leadership protection information may be classified. All classified information is treated under separate rules established for national security information and is outside the scope of this guideline. Systems that handle Leadership Protection information should operate at an impact level of MODERATE confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Property Protection information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.5. Property protection entails all activities performed to ensure the security of civilian and government property. Systems that handle Property Protection information should operate at an impact level of LOW confidentiality, LOW integrity, and LOW availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Substance Control information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.6. Substance control supports activities associated with the enforcement of legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities. Systems that handle Substance Control information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
Profile of identity assurance requirements from NIST Special Publication 800-63A for systems that handle the Trade Law Enforcement information type, as defined by NIST Special Publication 800-60, Volume II, Revision 1, Section D.16.8. Trade law enforcement refers to the enforcement of anti-boycott, international loan, and general trade laws. Systems that handle Trade Law Enforcement information should operate at an impact level of MODERATE confidentiality, MODERATE integrity, and MODERATE availability, as recommended by NIST. NOTE: This "simple" profile does NOT contain NIST 800-63A identity assurance requirements related to security or privacy. It is intended to be used in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF identity assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is HIGH. Derived from NIST Special Publication 800-63A Identity Assurance Level 3 (IAL3) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF identity assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is LOW. Derived from NIST Special Publication 800-63A Identity Assurance Level 1 (IAL1) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
|
NIEF identity assurance profile for access to categories of data whose highest risk impact level (among confidentiality risk, integrity risk, and availability risk) is MODERATE. Derived from NIST Special Publication 800-63A Identity Assurance Level 2 (IAL2) requirements, excluding security controls and privacy controls. Intended for use in conjunction with appropriate NIEF profiles for security and privacy controls.
|
1.0 |
