Assurance
From MgmtWiki
Full Title or Meme
The level of trust that can be afforded a claim of an Identifier or Attribute.
Context
- Some means for assuring the Web Site Security is required. See that page for details.
- The rest of this page is about establishing a level of assurance for Personal Information about a User also known as a Subject.
- NIST 800-63-3
Problems
- In contexts where names are not validated (of low Assurance) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]
Solutions
- AAL1 ==> password
- AAL2 ==> 2FA
- AAL3 ==> U2F
References
- Synonyms include: Validation.