Knowledge Based Verification - Sources, v3.0

The requirements for the sources of information used in Knowledge Based Verification.

Assessment Steps (3)

1. Evidence (Evidence)
When performing KBV, does the CSP verify the applicant's identity against only a single piece of validated evidence?
Artifact
Documentation
Provide policies, practices, or existing security audit reports indicating conformance.

2. Sources (Sources)
When performing KBV, does the CSP only use information known to the applicant and the authoritative source?

3. Information (Information)
When performing KBV, does the CSP avoid using information available from public or black market sources?

Conformance Criteria (3)

Evidence
When performing KBV to verify identities, the CSP SHALL verify an Applicant's identity against only a single piece of validated evidence.
Citation
SP800-63A
Section 5.3.2 P2
Sources
When performing KBV to verify identities, information used to formulate KBQ/KBA SHALL be expected to be known only to the Applicant and the authoritative source.
Citation
SP800-63A
Section 5.3.2 P2
Information
When performing KBV to verify identities, the CSP SHALL use information that is NOT readily accessible from public or black market sources.