Identity Proofing - Security Controls IAL3, v3.0
The requirements for a CSP to adhere to appropriate security controls.
Assessment Steps (2)
1
Security Controls (SecurityControls)
Does the CSP employ security controls aligned with appropriate baseline such as SP 800-53 or appropriate equivalent?
Artifact
Documentation
Provide policies, practices, or existing security audit reports indicating conformance.
|
2
Assurance Controls (AssuranceControls)
Does the CSP ensure that assurance related controls are satisfied?
Artifact
Documentation
Provide policies, practices, or existing security audit reports indicating conformance.
|
Conformance Criteria (2)
Security Controls
The CSP SHALL employ appropriately-tailored security controls, to include control enhancements, from the high baseline of security controls, as defined in SP 800-53 or equivalent federal (e.g., FEDRAMP) or industry standards.
Citation
SP800-63A
Section 4.5.8 (IAL3)
|
Assurance Controls
The CSP SHALL ensure that the minimum assurance-related controls for high-impact systems or equivalent are satisfied.
Citation
SP800-63A
Section 4.5.8 (IAL3)
|