Title: Identity Assurance Framework: NIST SP 800-63A Service Assessment Criteria
Document type: (Draft) Recommendation
Version: 0.6.0 - Released for IAWG-sg review & comment
Draft Date: 2017-11-08
Effective Date: Immediate on Publication
Status: Editor's draft
Editor: R.G. Wilsher
Sponsor:
Copyright: The content of this document is the copyright of Kantara Initiative, Inc. © 2017 Kantara Initiative, Inc
Abstract: This document sets forth KI's Service Assessment Criteria for assessments against the requirements of NIST's SP 800-63A at AAL2.
Revision history:
v0.0.1 | 9/5/2017 | Editor's draft
v0.0.2 | 9/6/2017 | To IAWG-sg for info (first XLS version - previously Word).
v0.0.3 | 9/7/2017 | Editor's draft
v0.1.0 | 9/7/2017 | To IAWG-sg for review and comment.
v0.1.1 | 9/13/2017 | Editor's draft
v0.1.2 | 9/14/2017 | Editor's draft
v0.1.3 | 9/14/2017 | To IAWG-sg for review. Included Draft DoC on v0.1.0.
v0.1.4 | 9/14/2017 | To IAWG-sg for review. Included revised Draft DoC on v.0.1.0
v0.2.0 | 9/15/2017 | Complete draft criteria set for IAWG-sg review, post mtg of 09-14. Included DoC on 2017-09-21.
v0.3.0 | 9/21/2017 | Revision of v0.2.0, to accommodate cleared dispositions to date
v0.4.0 | 9/28/2017 | Final DoC and revisions as agreed by the IAWG-sg.
v0.5.0 | 9/28/2017 | Released for comment to the IAWG at-large
v0.5.1 | 10/30/2017 | Revised to accommodate 'SHOULD' requirements in 63A source
Notes on criteria selection, application and assessment (columns: NIST | KI view | KI criterion):
In this SAC all normative NIST requirements (i.e. those subject to a 'SHALL' term) in NIST 800-63A (i.e. rev.3) have been automatically adopted as Kantara criteria. Such criteria are presented in dark red text. [NIST: SHALL | KI view: Imperative | KI criterion: SHALL]
Certain NIST requirements stated in '63A using 'SHOULD' have been adopted as Kantara criteria based upon the following determination, as made by Kantara's IAWG, the owning body for these criteria:
a) If the requirement is considered indispensable Kantara has adopted the requirement as a fully-normative criterion, i.e. it has been expressed in the 63A_SAC using 'SHALL'. Such criteria are presented in dark green text and indicated by a meta-tag 'K' (Kantara-enforced); [NIST: SHOULD | KI view: Indispensable | KI criterion: SHALL]
b) If the requirement is considered highly desirable then Kantara has adopted it as an optional criterion, i.e. it has been expressed in the 63A_SAC using 'SHOULD'. Such criteria are presented in dark green text and indicated by a meta-tag 'K' (Kantara-enforced); [NIST: SHOULD | KI view: Highly desirable | KI criterion: SHOULD]
c) If the requirement is considered to be neither indispensable nor highly desirable then Kantara has not adopted it as a criterion; [NIST: SHOULD/MAY | KI view: Disregard | KI criterion: none]
d) In addition to the foregoing, where NIST has created optional requirements with mandatory obligations IF the option is exercised, Kantara has chosen to use the term 'MUST' in such instances, as opposed to 'SHALL', to highlight the overall optional status of the criterion. Such criteria are presented in dark green text and indicated by a meta-tag 'K' (Kantara-enforced). [NIST: SHOULD/MAY ... SHALL | KI view: Indispensable if exercised | KI criterion: If exercised ... MUST]