InCommon Assurance Program

Assurance Criteria - Quick Look

This table summarizes all of the identity assurance criteria defined for Bronze and Silver IAPs. Cells that are shaded and contain “n/a” do not apply to the indicated profile.

Functional Area	Criteria	Bronze	Silver
*4.2.1 Business, Policy and Operational Criteria*	1. InCommon Participant.	•	•
	2. Notification to InCommon	•	•
	3. Continuing Compliance	•	•
*4.2.2 Registration and Identity Proofing*	.1 RA authentication	n/a	•
	.2 Identity verification process	n/a	•
	.3 Registration records	n/a	•
	.4 Identity proofing	n/a	•
	.4.1 Existing relationship	n/a	•
	.4.2 In-person proofing	n/a	•
	.4.3 Remote proofing	n/a	•
	5. Address of Record confirmation	n/a	•
*4.2.3 Credential Technology*	.1 Credential unique identifier	•	•
	.2 Resistance to guessing Authentication Secret	•	n/a
	.3 Strong resistance to guessing Authentication Secret	n/a	•
	.4 Stored Authentication Secrets	•	•
	.5 Protected Authentication Secrets	•	•
*4.2.4 Credential Issuance and Management*	.1 Credential issuance process	n/a	•
	.2 Credential revocation or expiration	n/a	•
	.3 Credential renewal or re-issuance	n/a	•
	.4 Retention of Credential issuance records	n/a	•

Functional Area	Criteria	Bronze	Silver
*4.2.5 Authentication Process*	.1 Resist replay attack	•	•
	.2 Resist eavesdropper attack	•	•
	.3 Secure communication	•	•
	.4 Proof of Possession	•	•
	.5 Session authentication	•	•
	.6 Mitigate risk of sharing Credentials	•	•
*4.2.6 Identity Information Management*	.1 Identity record qualification	•	•
*4.2.7 Assertion Content*	.1 Identity Attributes	•	•
	.2 Identity Assertion Qualifier	•	•
	.3 Cryptographic security	•	•
*4.2.8 Technical Environment*	.1 Software maintenance	n/a	•
	.2 Network security	n/a	•
	.3 Physical security	n/a	•
	.4 Reliable operations	n/a	•