Knowledge Based Verification - Optional, v3.0
The requirements for Knowledge Based Verification to be opted out of by an applicant.
Assessment Step
1
Opt Out (OptOut)
Does the CSP allow applicants to opt out of using a knowledge based verification (KBV)? If the CSP does not perform KBV consider this step passed.
Artifact
Documentation
Provide policies, practices, or existing security audit reports indicating conformance.
|
Conformance Criteria (1)
Opt Out
If the CSP uses KBV to verify identities it SHALL allow the Applicant the choice to opt-out of the KBV process and SHALL employ other means of equivalent rigour to achieve verification (in accordance with T5-3).
Citation
SP800-63A
Section 5.3.2 P3
|