-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Poorly-chosen SP 800-63-3 assurance level properties #112
Comments
Discussed this with the NIST OSCAL devs. This will make our FedRAMP |
Discussed in 10x NIST developer meeting and will surface in Friday's model meeting per consultation with the NIST devs. |
Rebuild Schematron XSLT (SEF format) for UI
Collaborated with NIST recently. Still pending change from NIST to address this. |
Will stay as is. |
This is a ...
This relates to ...
NOTE: For feedback related to the OSCAL syntax itself, please create or add to an issue in the NIST OSCAL Repository.
Section 4.5 page 13 Digital Identity Determination
Properties (OSCAL
<prop>
)security-eauth-level
identity-assurance-level
authenticator-assurance-level
federation-assurance-level
The assurance level property values indicated (i.e., 1, 2, 3) are not the same parlance as that used in SP 800-63.
The initialisms used in SP 800-63 are
Those are the most likely to be recognized rather than the disembodied "1", "2", "3".
1.0.0
Use SP 800-63 parlance for assurance level values.
The text was updated successfully, but these errors were encountered: