Address Confirmation - Supervised, v3.0
The requirements for vertting an applicants address when performing supervised identity proofing.
Assessment Steps (3)
1
Valid Sources (ValidSources)
Does the CSP validate and confirm application addresses of record by using issuing sources and/or authoritative sources?
Artifact
Documentation
Provide policies and practices indicating conformance.
|
2
No Self-Asserted (NoSelf-Asserted)
Does the CSP not accept un-validated self-asserted addresses?
Artifact
Documentation
Provide policies and practices indicating conformance.
|
3
Validity Time (ValidityTime)
Does the CSP document it's maximum validity for enrollment codes? (Max allowable is 7 days)
Artifact
Documentation
Provide policies and practices indicating conformance.
Parameter
Max Daysrequired
NUMBER : The maximum time in days that an enrollment code lasts.
|
Conformance Criteria (3)
Valid Sources
The CSP SHALL validate and confirm the Applicant's address of record by relying only upon issuing source(s) or authoritative source(s).
Citation
SP800-63A
Section 4.4.1.6 (IAL2) P2
|
No Self-Asserted
The CSP SHALL NOT accept un-validated self-asserted addresses.
Citation
SP800-63A
Section 4.4.1.6 (IAL2) P3
|
Validity Time
If the CSP performs Supervised (In-person or Remote) proofing it SHALL document the maximum validities it allows for enrollment codes and only issue codes that meet that limitation, which SHALL NOT exceed 7 days.
Citation
SP800-63A
Section 4.4.1.6 (IAL2) P4
|