Risk Inventory


Mapping Template we can use as a basis 

CCopy of Int'l Mapping Worksheet Extract - Identity Proofing (27November2017).xlsx

Source: NIST contribution to the ISO/IEC JTC 1 SC 27 Work Group 5. David Temoshok, NIST, confirmed us that is in Public international Domain and no attribution for this is necessary and that we can use this mapping template for our own purposes.


  • The plan is to discuss if this would be a useful mapping tool for identity schemes, see how the schemes relate to each other, which are the common risks. It may evolve and be a tool for managing audits, and criteria sets and mappings. It may also work for privacy risks and standards mappings.
  • As starting point, the idea would be to use the first columns and replace columns F G and H with Kantara SACs (Classic, 800-63-3 + FULL) and think how the SACs mitigate those risks, and which other risks we should add.
  • IAWG Discussion: Thursday, February 22.