ID Proofing - Identity Evidence Collection with Moderate Assurance, v1.0

Credential Service Providers must collect evidence of the applicant's identity prior to credential issuance. This evidence must meet guidance specified for moderate assurance.

Assessment Step

CSP Evidence Collection (CSPEvidenceCollection)
Does the CSP collect satisfactory evidence confirming the applicant's identity? Be specific about the types of evidence collected and provide a mapping to the broader categories of evidence required (superior, strong, and fair). Detailed definitions for the evidence categories can be found within NIST 800-63-3 Section 5-1.
Provide evidence (e.g. organizational policies, compliance/assessment reports, sample data, etc.) that describe the evidence collection methodology or requirements of the CSP.

Conformance Criteria (1)

The CSP SHALL collect the following from the applicant:
  1. One piece of SUPERIOR or STRONG evidence if the evidence's issuing source, during its identity proofing event, confirmed the claimed identity by collecting two or more forms of SUPERIOR or STRONG evidence and the CSP validates the evidence directly with the issuing source; OR
  2. Two pieces of STRONG evidence; OR
  3. One piece of STRONG evidence plus two pieces of FAIR evidence.
NIST 800-63-3 Section 5-1 has details on evidence strengths.
NIST SP 800-63A
Sections and 5.1