Title: Identity Assurance Framework: NIST SP 800-63B Service Assessment Criteria
Document type: (Draft) Recommendation
Version: 0.6.0 (Released for IAWG-sg review & comment)
Draft Date: 2017-11-08
Effective Date: Immediate on Publication
Status: Working Draft
Editor: R.G. Wilsher
Sponsor:
Copyright: The content of this document is the copyright of Kantara Initiative, Inc. © 2017 Kantara Initiative, Inc
Abstract: This document sets forth KI's Service Assessment Criteria for assessments against the requirements of NIST's SP 800-63B at AAL2.
Revision history:
v0.1 Distributed for review 2017-10-16
v0.2 Distributed for review 2017-10-18
v0.3 Distributed for review 2017-10-25
v0.3.1 Reviewed 2017-10-26
v0.3.2 For specific amendment by SAS, 2017-10-26
v0.3.3 As amended by SAS, 2017-10-26
v0.4 Draft for IAWG-sg review, 2017-10-31
v0.5 Draft for IAWG-sg review, 2017-11-06
v0.5.1 Working draft, 2017-11-06
v0.5.1 Working draft, 2017-11-07
Notes on criteria selection, application and assessment: [NIST | KI view | KI criterion]
In this SAC all normative NIST requirements (i.e. those subject to a 'SHALL' term) in NIST 800-63B (i.e. rev.3) have been automatically adopted as Kantara criteria. Such criteria are presented in dark red text. [SHALL | Imperative | SHALL]
Certain NIST requirements stated in '63B using 'SHOULD' have been adopted as Kantara criteria based upon the following determination, as made by Kantara's IAWG, the owning body for these criteria:
a) If the requirement is considered indispensable, Kantara has adopted the requirement as a fully-normative criterion, i.e. it has been expressed in the 63B_SAC using 'SHALL'. Such criteria are presented in dark green text and indicated by a meta-tag 'K' (Kantara-enforced); [SHOULD | Indispensable | SHALL]
b) If the requirement is considered highly desirable, then Kantara has adopted it as an optional criterion, i.e. it has been expressed in the 63B_SAC using 'SHOULD'. Such criteria are presented in dark green text and indicated by a meta-tag 'K' (Kantara-enforced); [SHOULD | Highly desirable | SHOULD]
c) If the requirement is considered to be neither indispensable nor highly desirable, then Kantara has not adopted it as a criterion; [SHOULD/MAY | Disregard | none]
d) In addition to the foregoing, where NIST has created optional requirements with mandatory obligations IF the option is exercised, Kantara has chosen to use the term 'MUST' in such instances, as opposed to 'SHALL', to highlight the overall optional status of the criterion. Such criteria are presented in dark green text and indicated by a meta-tag 'K' (Kantara-enforced). [SHOULD/MAY ... SHALL | Indispensable if exercised | If exercised ... MUST]