Key discussion items
- Richard shared the spreadsheet KIAF-1430 63A_SAC v0.0.2.xlsx, which addresses IAL 2 and includes guidance on worksheets T5-1, T5-2 and T5-3. The guidance includes how to gather the evidence. He will collate all the comments so the group can resolve them together.
- Scott commented that it is a constructive tool to see how to demonstrate compliance and it is within his idea of the assessment methods.
- Andrew added that we can create a filter to better search within the criteria documents.
- Scott said that retaining information about the applicability at IALs is something that we have to add for the final product.
- Richard will create small columns and just flag IAL 1, 2 and 3 that will allow us to show where these things apply.
- Scott said that next steps for the group would be to review the criteria and provide comments in the spreadsheet.
- Richard clarified that the spreadsheet is the word text + evolution so it is the latest version.
- Richard provided an example where he twisted the NIST text:
  - Requirement: Identity Should not be used to determine suitability or entitlement to gain access
  - KI criterion: The CSP SHALL NOT perform identity proofing to determine suitability or entitlement to gain access to services or benefits.
The group agreed to work on the spreadsheet that Richard provided.
- The group to review the criteria in the KIAF-1430 63A_SAC v0.0.2.xlsx and provide comments.
- Scott to transfer the comments from KI 1430 63A_SAC v0.05 - SS doc. to the spreadsheet.
- The group to review the feedback in the next meeting.