Federation Assurance Level Assertion Limitation for Federation Proxies, v1.0

The use of proxies within a federation must not incorrectly present the Federation Assurance Level (FAL) to any relying parties. All proxies must strictly advertise the lowest FAL that operate at as the only FAL they operate at for the purposes of considering the FAL for any transaction using the proxy.

Assessment Step

Proxied Federation Assurance Level (ProxiedFederationAssuranceLevel)
Do all proxies used by the federation properly set the federation assurance level to the lowest level that correctly describes the operations of the federation (for example if the internal federation is FAL 3, but the external is FAL 2, the overall FAL should be FAL 2)?
Provide evidence (e.g. organizational policies, compliance/assessment reports, sample data, etc.) that support verifying that any proxying is properly captured in determining the FAL for the federation.

Conformance Criteria (1)

Federations presented through a proxy SHALL be represented by the lowest level used during the proxied transaction.
NIST SP 800-63C
Section 4, Paragraph 3