NIEF Full Disclosure - IDPO, v1.0

Specifies National Identity Exchange Federation (NIEF) requirements for an Identity Provider Organization (IDPO) on the full disclosure of all applicable policies, procedures, and other documentation to other NIEF member organizations.

Assessment Steps (7)

1
Verify the submission of the NIEF Application (VerifythesubmissionoftheNIEFApplication)
Has the trustmark applicant submitted a completed NIEF Application to the NIEF FMO? Provide the completed NIEF Application.
Artifact
Application
The completed NIEF Application.
2
Verify the submission of ATO documentation (VerifythesubmissionofATOdocumentation)
Has the trustmark applicant submitted completed IDPO Authority-to-Operate documentation to the NIEF FMO? Provide the completed ATO.
Artifact
ATO
The completed ATO.
3
Verify the submission of the security policy (Verifythesubmissionofthesecuritypolicy)
Has the trustmark applicant submitted documentation that comprises its local security policy to the NIEF FMO? Provide the local security policy documentation.
Artifact
Security Policy
The local security policy documentation.
4
Verify the submission of the user agreement (Verifythesubmissionoftheuseragreement)
Has the trustmark applicant submitted documentation that comprises its local user agreement to the NIEF FMO? Provide the local user agreement documentation.
Artifact
User Agreement
The local user agreement documentation.
5
Verify the submission of the user vetting policy (Verifythesubmissionoftheuservettingpolicy)
Has the trustmark applicant submitted documentation that comprises its local user vetting policies and procedures to the NIEF FMO? Provide the local user vetting documentation.
Artifact
User Vetting Documentation
The local user vetting documentation.
6
Verify the submission of the NIEF Attribute Map (VerifythesubmissionoftheNIEFAttributeMap)
Has the trustmark applicant submitted a completed NIEF Attribute Map for IDPOs to the NIEF FMO? Provide the completed NIEF Attribute Map.
Artifact
Attribute Map
The completed NIEF Attribute Map.
7
Verify the submission of the NIEF Security Practices Checklist (VerifythesubmissionoftheNIEFSecurityPracticesChecklist)
Has the trustmark applicant submitted a completed NIEF Security Practices Checklist to the NIEF FMO? Provide the completed NIEF Security Practices Checklist.
Artifact
Security Practices Checklist
The completed NIEF Security Practices Checklist.

Conformance Criteria (7)

Submission of the NIEF Application
The organization MUST submit a completed NIEF Application to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process
Submission of ATO documentation
The organization MUST submit a completed IDPO Authority-to-Operate documentation to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process
Submission of the security policy
The organization MUST submit documentation that comprises its local security policy to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process
Submission of the user agreement
The organization MUST submit documentation that comprises its local user agreement to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process
Submission of the user vetting policy
The organization MUST submit documentation that comprises its local user vetting policies and procedures to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process
Submission of the NIEF Attribute Map
The organization MUST submit a completed NIEF Attribute Map for IDPOs to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process
Submission of the NIEF Security Practices Checklist
The organization MUST submit a completed NIEF Security Practices Checklist to the NIEF FMO.
Citation
NIEF-OPP
Section 6.2: Application Process