-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feedback]: Digital Identity Level (DIL) Determination discrepancy in documentation and constraints #569
Comments
The document templates followed the nomenclature in NIST 800-63 (see https://pages.nist.gov/800-63-3/sp800-63-3.html#:~:text=For%20non%2Dfederated%20systems%2C%20agencies%20will%20select%20two%20components%2C%20referred%20to%20as%20Identity%20Assurance%20Level%20(IAL)%20and%20Authenticator%20Assurance%20Level%20(AAL).%20For%20federated%20systems%2C%20agencies%20will%20select%20a%20third%20component%2C%20Federation%20Assurance%20Level%20(FAL).). OSCAL has named properties that align (there is an implicit mapping). For example:
Removing these props from core NIST OSCAL would be a backwards breaking / non-compatible change and adding new props would be duplicative so we do not foresee a change in the near-term. |
I agree. I would recommend instead changing the requirement in the legacy SSP template to 1, 2, 3 to match OSCAL, and not changing the OSCAL to match legacy. And/or Accept the OSCAL syntax of 1,2,3 in an SSP produced by OSCAL as opposed to IAL1,AAL1,FAL1, IAL2, AAL2,FAL2, IAL3,AAL3,FAL3. Ticket is for consistency between the manual and OSCAL process, without requiring a processor between the two to convert the formatting back and forth. |
Thanks for this report. I see it is a little old, but seems relevant to ongoing work on porting the new constraints. We should discuss this feedback and decide how to act on it since these newer constraints were already covered with #701. I will move this into backlog to triage further. |
This is a ...
question - need to understand something
This relates to ...
What is your feedback?
For the Digital Identity Level (DIL) Determination there is a discrepancy between the document templates and OSCAL with the values it accepts. In the document templates it accepts the following values: IAL3/FAL3/AAL3, IAL2/FAL2/AAL2, IAL 1/FAL1/AAL1, but in OSCAL it needs an integer: 1, 2, or 3.
Similarly, in the definitions for the SSP meta schema, it requires 1, 2, or 3:
Is there a reason for having this difference between the documents and OSCAL? Could we instead use only one of the value option types (string vs integer)?
Where, exactly?
SSP OSCAL and Document Templates
Other information
No response
The text was updated successfully, but these errors were encountered: