Assurance Criteria - Quick Look

This table summarizes all of the identity assurance criteria defined for the Bronze and Silver IAPs. A cell containing "n/a" (shaded in the original layout) means the criterion does not apply to that profile; every other criterion applies to the profile in whose column its cell is left blank.

| Functional Area | Criteria | Bronze | Silver |
|---|---|---|---|
| 4.2.1 Business, Policy and Operational Criteria | .1 InCommon Participant | | |
| | .2 Notification to InCommon | | |
| | .3 Continuing Compliance | | |
| | .4 IdPO Risk Management | | |
| 4.2.2 Registration and Identity Proofing | .1 RA Authentication | n/a | |
| | .2 Identity Verification Process | n/a | |
| | .3 Registration Records | n/a | |
| | .4 Identity Proofing | n/a | |
| | .4.1 Existing Relationship | n/a | |
| | .4.2 In-person Proofing | n/a | |
| | .4.3 Remote Proofing | n/a | |
| | .5 Address of Record Confirmation | n/a | |
| | .6 Protection of Personally Identifiable Information | | |
| 4.2.3 Credential Technology | .1 Credential Unique Identifier | | |
| | .2 Basic Resistance to Guessing Authentication Secret | | n/a |
| | .3 Strong Resistance to Guessing Authentication Secret | n/a | |
| | .4 Stored Authentication Secrets | n/a | |
| | .5 Basic Protection of Authentication Secrets | | |
| | .6 Strong Protection of Authentication Secrets | n/a | |
| 4.2.4 Credential Issuance and Management | .1 Credential Issuance | | |
| | .2 Credential Revocation or Expiration | | |
| | .3 Credential Renewal or Re-issuance | | |
| | .4 Credential Issuance Records Retention | n/a | |
| | .5 Resist Token Issuance Tampering Threat | | |
| 4.2.5 Authentication Process | .1 Resist Replay Attack | | |
| | .2 Resist Eavesdropper Attack | | |
| | .3 Secure Communication | | |
| | .4 Proof of Possession | | |
| | .5 Resist Session Hijacking Threat | | |
| | .6 Mitigate Risk of Credential Compromise | | |
| 4.2.6 Identity Information Management | .1 Identity Record Qualification | | |
| 4.2.7 Assertion Content | .1 Identity Attributes | | |
| | .2 Identity Assertion Qualifier | | |
| | .3 Cryptographic Security | | |
| 4.2.8 Technical Environment | .1 Software Maintenance | n/a | |
| | .2 Network Security | n/a | |
| | .3 Physical Security | n/a | |
| | .4 Reliable Operations | n/a | |