Assurance
From MgmtWiki
Full Title or Meme
The level of trust that can be afforded a claim of an Identifier or Attribute.
Context
- Some means for assuring the Web Site Security is required. See that page for details.
- The rest of this page is about establishing a level of assurance for Personal Information about a User also known as a Subject.
- NIST 800-63-3
Problems
- In contexts where names are not validated (of low Assurance) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]
Solutions
A rather facile mapping of the NIST levels of Assurance to the processes known today is:
- AAL1 ==> password
- AAL2 ==> 2FA
- AAL3 ==> U2F
The best source of Truth about an Identity is obtained by documentation of the Identity Proofing process.
References
- Synonyms include: Validated.