Versions Compared

Old Version 15

changes.mady.by.user Former user

Saved on

compared with

New Version 16

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

AAL3

  • Richard explained that it was adopted the multiple parties practice from the FAL2 to work into the IAL and AAL SACs, in doing so we have pulled out those criteria which relates specifically to federal agencies or might also apply to RPs, in order to take the AAL criteria to their fullest implementation responding to absolutely normative criteria.
  • He has updated all the tags because it's a substantial change. There is a new contiguous set, and the old ones will be here at least for a year or so while we transition to the new ones.
  • Changes are in red text; there have been a few changes which have affected level 2 because we've been more inclusive this time with federal agencies. 
  • I would guess it'll probably We have around 30 to 40 new discrete criteria of AAL3.
  • It was decided to defer the approval to the next week.



FAL3 

  • Basically, two criteria, one of them has three subparts.what this is requiring as a question of whether this is an accurate replication of essentially these criteria here, which you will find minimal change.

I will make this whole debate actually what we've done here. Is this shows the subscriber shall well, we don't assess subscribers, but we could assess an RP therefore. We would require the RP. To require the subject to prove possession Etc. And that's going to be the reason why we've made these changes.

Motion: IAWG to approve the FAL3 criteria as presented.

Moved: Mark King Seconded: Mark Hapner. Unanimous Approval.

The xAL3 SACs will go as a package for 45-day Public Comment and IPR Review.


in terms of the overall impact

The are there improvements or extensions? What what was the actual objective for the changes in general?

Honey, we have to go back to the nest requirement for that. Really I think and it's a question of demanding greater rigor or in some cases denying some of the authentication techniques that might be allowed at level 2 because they were not considered to be strong enough for level 3. So I mean all these cases As you move from one Assurance level to the next stronger higher level. It's all a question of removing weak Solutions and increasing the rigor


Kantara comments on how SP 800-63-3 could be revised for NIST’s consideration in developing Revision 4 

...