Search results

'''Category''': Security Control Implementation Guide '''Description''': A set of documentation requirements that can be used to express the design of a cryptographic key

'''Category''': Security Control Implementation Guide technical requirements for the four levels assurance defined in OMB M-04-04 in the areas of identi

Security Assertion Markup Language (SAML) v2.0 http://docs.oasis-open.org/security/saml/v2.0/saml-2.0-os.zip

==SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - '''''draft'''''== #** the TFTM committee will be charged with consolidating requirements and all the other work required to roll out the self-attestation program

...to the UXC requirements. UXC is proposing to change 1, 2 and 7, but other requirements may change as well, including supplemental guidance. ...rs, Intermediaries, Attribute Providers and Relying Parties roles. The UXC requirements update will focus on these four roles from the Functional Model.

'''Category''': Credential Requirements Standard '''Description''': Requirements for non-Federal issuers of cards designed to interoperate with the Federal

==Requirements Documents for Phase II== * Security [[file:Secure_Requirements_Update.docx]]

...laims for the relying party that is designed specifically to meet both the requirements of the relying party and the user's privacy directives. It is important tha # The RP uses a standard protocol and taxonomy to request the information needed from the user.

Privacy is considered as one of the core requirements of the IDESG and yet it has proven difficult to accommodate in the trust fr ...new framework is chosen, that may change the PET to meet those particular requirements.

...n certain assertions by other actors to fulfill their information security requirements." In this document the objective is simply to allow two digital entities (a ...a user understandable name for a digital entity. In particular there is no standard way for the RP to acquire display name of the IdP using dynamic registratio

The UXC Dictionary defines words used in the UXCs Requirements and Supplemental Guidance and should be considered apart of the Guidance. < ...ed to service providers, and they often must calculate the tradeoffs among security, privacy, and gaining access to a service they desire." Page 12

...of the user may be limited to a radius of miles, or feet, depending on the requirements of the app. Similarly the home address may be precise, or limited to just t ...new framework is chosen, that may change the PET to meet those particular requirements.

'''10/6/14 [[Privacy Requirements]] Working Group Meeting Notes''' '''Function Requirements'''

...ns or, in some cases, all residents. The US has determined that the social security number (SSN) is not a secure means of identification and has mandated that ...[[Identifier]] for users of Medicare that is not tied to the user's social security number.

...ying its principles to specific vertical industry and horizontal community requirements. ...Functional Requirements (as amended from time to time) and add additional requirements in those four areas plus the potential for a trusted laboratory validation

==Requirements for Phase III== ===Requirements Documents===

## Testing must include all 4 IDEF components of: Security, Privacy, User Experience and Interoperability. ...This requirement likely goes beyond a strict reading of the HIPAA security requirements.

...ticipant Member, or Individual User such as by means of burdensome testing requirements that are applied in a discriminatory manner or other means that limit the a ...rements which are more restrictive than any general state mandated privacy requirements.

common digital Consent Receipt Format standard. We of a standard ‘Consent Receipt’ schema. The Consent

Ensure the security of a stand-alone Token to provide high assurance of (1) Identity, (2) Authe ...fied. The value "0" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. Authentication using a long-lived brow

...puting device. This attestation provides the evidence need for meeting the requirements of that specification at the highest levels of assurance. ...velopers to coalesce around the development and implementation of a common standard for application registration with an API's authorization server. - - - Howe

There are three sources of requirements for [[Native Apps for US Healthcare]]: ...velopers to coalesce around the development and implementation of a common standard for application registration with an API's authorization server. - - - Howe

...nt of Homeland Security (DHS) has issued a RFC] for security standards and requirements to enable Federal agencies to accept them if compliant with the REAL ID. Co **This includes comments relating to the economic, privacy, security, environmental, energy, or federalism impacts that might result from a futu

...ity objectives and controls in ISO/IEC 27002, is to create a common set of security categories and controls that can be implemented by a public cloud computing ...technically and might increase risks to those physical and logical network security controls in place.

...ish an integrity (aka health) claim for a device that, together with other security measures, is good evidence of the integrity of the information exchanged wi Integrity has two meanings in computer security. The first relates to the device not having been changed in any way since i

'''Title''': SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES '''Category''': Security Requirements Standard

'''Title''': Derived Test Requirements for FIPS PUB 140-2, Security Requirements for Cryptographic Modules ...S 140-2 and a framework for testing whether implementations conform to the standard. Every assertion from FIPS 140-2 is identified and given a requirement num

'''Category''': Credential Requirements Specification '''Description''': Specifies the architectural and technical requirements for the Personal Identity Verification (PIV) card

'''Category''': Credential Requirements Specification '''Description''': Specifies the architectural and technical requirements for the Personal Identity Verification (PIV) card

**Chat from Paul Knight: Please also add brief entry per standard in Standards Inventory list at https://wiki.idesg.org/wiki/index.php?title= (note the "Add Standard" button there. The other two standards will be submitted shortly by Mary, I

...unreasonable. If there are the IDEF requirements, then you have additional requirements based on the trust mark you are planning to use. **For things were we don’t have requirements, we should be using “should.”

<center>'''National Security Telecom Advisory Comm.(NSTAC) Report to the President on Identity Managemen <center>'''Oasis: Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0'''</center>

<center>'''National Security Telecom Advisory Comm.(NSTAC) Report to the President on Identity Managemen <center>'''Oasis: Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0'''</center>

==== SECURITY CONTROL ==== ...rds employed within an entity to ensure compliance with applicable privacy requirements and manage privacy risks.

...e-Requirement-v1.0-with-Supplemental-Guidance.pdf IDEF Baseline Functional Requirements and Supplemental Guidance v1.0]] :* NIST 800-63-2 (Standard approval)

'''Description''': A standard framework for Certificate Policies (CPs) and Certification Practice Stateme document is intended to provide a structure but not the requirements for what the policies should be. A

'''Category''': Document Development Standard introduction, scope, references, terms and definitions, and (optionally) requirements. Attention is paid to

# Provide in-line guidance in the example code of the IDEF requirements that a developer of any web site can apply. ...intent. This is in keeping with the [[Usable Best Practice A]] of the SALS requirements.

'''Title''': ISO/IEC 29100:2011 Information technology -- Security techniques -- Privacy framework '''Description''': This International Standard provides a high-level framework for the protection of personally identifiab

...ology -- Security Techniques -- Information security management systems -- Requirements (ISO 27001) '''Category''': Security

.../index.php?title=Baseline_Functional_Requirements_v1.0 Baseline Functional Requirements v1.0 (BFR)]. ...dations] were published in 1984 (Red Book). They were designed to become a standard for identifying users, but that role has been assumed by internet email add

==SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - '''''draft'''''== ** Plenary planning for Security Committee breakout

**ISO 29115 the Security Committee had already submitted this standard to the Standards Committee. ...OK to include if there are no endorsement of products. We have a minimum standard for quality and it has to help people in a more general way. Mary will add

==SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - '''''draft'''''== * Plenary planning for Security Committee breakout

==SECURITY COMMITTEE MEETING NOTES - '''''draft'''''== ...ry is being worked: the FMO will provide an update on the cross committee requirements, a number of mini sessions are being planned, updates from pilots and a goo

==SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - '''''draft'''''== ...oup of volunteers has been identified to work on a standards list that the Security Committee would like to put forward for potential adoption by IDESG. These

==SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - '''''draft'''''== ...nts will be changed to MUST statements. The task force has discussed four requirements out of the total of 15. There is no formal deadline to finish, but the tas

==SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - '''''draft'''''== ...d a copy to the Security Committee. The proposal is currently listed as a Security Committee initiative, but that will change. The comment was made that the

...king on supplemental guidance and a new reference page. They will vote on standard 80063 and the committee is recommending approval. **Security Committee will not be meeting this week.

...that LOA is not appropriate for attributes. But should we get RP current requirements on how they decide to trust attribute providers? ...ew is that assurance should be left to market and not formalized in single standard. There seemed to be a consensus on this among those present.

**Mary has asked for a copy of the third standard on usability and is waiting for a response. The two standards applications ...est practices to achieve certification. Tom had asked where the Functional requirements are posted and they are here: **https://wiki.idesg.org/wiki/index.php?title