Knowledge Based Verification - Sources, v3.0
The requirements for the sources of information used in Knowledge Based Verification.
Assessment Steps (3)
1. Evidence (Evidence)
When performing KBV, does the CSP verify the applicant's identity against only a single piece of validated evidence?
Artifact: Documentation
Provide policies, practices, or existing security audit reports indicating conformance.
2. Sources (Sources)
When performing KBV, does the CSP only use information known to the applicant and the authoritative source?
3. Information (Information)
When performing KBV, does the CSP avoid using information available from public or black market sources?
Conformance Criteria (3)
Evidence
When performing KBV to verify identities, the CSP SHALL verify an Applicant's identity against only a single piece of validated evidence.
Citation: SP800-63A, Section 5.3.2 P2
Sources
When performing KBV to verify identities, information used to formulate KBQ/KBA SHALL be expected to be known only to the Applicant and the authoritative source.
Citation: SP800-63A, Section 5.3.2 P2
Information
When performing KBV to verify identities, the CSP SHALL use information that is NOT readily accessible from public or black market sources.