Identity Evidence - Evidence Strength, v3.0
Requirements for types of evidence collected as part of identity proofing.
Assessment Steps (2)
1
Evidence Collected (EvidenceCollected)
Does the CSP collect satisfactory evidence confirming the applicant's identity? It must collect:
Artifact
Documentation
Provide policies and practices indicating conformance.
|
2
Evidence Justification (EvidenceJustification)
Does the CSP's Credential Policy document the strength of each form of evidence it collects when collecting evidence from applicants? The strengths assigned must align with NIST 800-63-3 Section 5-1. Provide the details for each type of evidence the CSP uses.
Artifact
Documentation
Provide policies and practices indicating conformance.
|
Conformance Criteria (2)
Evidence Collected
The CSP SHALL collect from the Applicant / Service Consumer identity evidence of appropriate strength, as determined by the further requirements in NIST 800-63-3 Section 5-1. The CSP SHALL collect:
Citation
SP800-63A
Section 4.4.1.2 (IAL2) P1-3
|
Evidence Justification
The CSP SHALL document its justification, for each form of evidence it recognises and collects in fulfilling its CrP and these criteria, of how the strength of the evidence it collects satisfies the qualities identified in NIST 800-63-3 Section 5-1.
Citation
SP800-63A
Section 4.4.1.2 (IAL2)
|