File Download: Identity Assurance Framework: SAC mapping – NIST SP 800-63-2 – (Structured) Electronic Authentication Guidelines

Title: SAC mapping – NIST SP 800-63-2 – (Structured) Electronic Authentication Guidelines

Version: 2.0

Date: 2015-12-17

Editor: Richard G. Wilsher

Status: This document is a Kantara Initiative Recommendation, created by the IAWG WG (see section 3.8 of the Kantara Initiative Operating Procedures).

This mapping is the product of an undertaking, sponsored by two Kantara members, to bring the Service Assessment Criteria (KI-IAF 1400) into full alignment with NIST’s SP 800-63-2. It was a specific output of the Statement of Work under which the SAC alignment was performed. It is a partial re-structuring of NIST’s SP 800-63-2 with mappings into the SAC v4.0 (as the aligned SAC will be identified), performed under certain self-imposed restrictions (see the following Apologia). This mapping serves a number of valuable and distinct purposes:

  1. it renders the essential parts of SP 800-63-2 as a much clearer set of requirements than in their original form;
  2. it provides a reference work which underpins and justifies the revisions made to the SAC v4.0 in order to achieve the alignment;
  3. it has enabled clarification of parts of the original NIST document which were ambiguous, unclear or otherwise doubtful, and records those clarifications;
  4. it facilitates service providers wishing to demonstrate their compliance with SP 800-63-2 by providing a set of discretely-referenceable requirements which the original document cannot support;
  5. in addition to the above, it provides clear guidance where a US-specific profile for meeting both Kantara SAC requirements and SP 800-63 compliance should be developed (which would serve the same purpose for any other jurisdiction wishing to adopt SP 800-63);
  6. by virtue of the two points above, this mapping facilitates both internal and third-party review and assessment of such services;
  7. finally, this mapping has the potential to act as a future, structurally-improved, revision to SP 800-63, as has been previously discussed with NIST personnel and was an intention of the original tasking.

Filename: Kantara IAF-5463 SAC mapping – SEAG v2.0.pdf
