Trustmark Definitions (251-275 of 3247)

Trustmark Definition Name Version
All communications during authentication between the claimant and verifier must use authenticated and protected channels.
1.0
Authentication with authenticators that do not use attestation.
1.0
Authentication with authenticators that do not use biometrics.
1.0
Some authenticator types are not susceptible to online guessing attacks and thus may not require mitigation against these attacks.
1.0
Verifiers may have no compromise resistance requirements for some authenticator types.
1.0
Authentication schemes may include the use of no restricted authenticators
1.0
Lookup Secrets are shared secrets between the claimant and CSP that the claimant provides to the CSP as an authentication factor. The claimant is either prompted for a specific secret or provides one from a set they hold, after which it is no longer valid. Use of lookup secrets must adhere to the rules found within NIST 800-63-3B: 5.1.2.
1.0
Memorized Secrets (passwords and PINs) must be sufficiently hard to guess and adhere to the rules found within NIST 800-63-3B: 5.1.1.
1.0
Multi-factor cryptographic devices may be used for authentication and must adhere to the rules found within NIST 800-63-3B: 5.1.9
1.0
Multi-factor cryptographic software may be used for authentication and must adhere to the rules found within NIST 800-63-3B: 5.1.8
1.0
A multi-factor one-time password device may be used for authentication and must adhere to the rules found within NIST 800-63-3B: 5.1.5
1.0
An out-of-band authenticator is a physical device that is uniquely addressable and can communicate securely with the verifier over a distinct communications channel. There are many ways to use such a device in authentication, and doing so must adhere to the rules found within NIST 800-63-3B: 5.1.3.
1.0
Single factor cryptographic devices may be used for authentication and must adhere to the rules found within NIST 800-63-3B: 5.1.7
1.0
Single factor cryptographic software may be used for authentication and must adhere to the rules found within NIST 800-63-3B: 5.1.6
1.0
A single factor one-time password device may be used for authentication and must adhere to rules found within NIST 800-63-3B: 5.1.4.
1.0
All biometric sensors and processes used as part of an authenticator must meet performance requirements specified in NIST 800-63-3
1.0
Authentication with verifier impersonation resistance requires strong cryptographic binding of the authenticated channel with the authenticator output.
1.0
Defines conformance and assessment criteria for verifying that an organization requires that assertions used to communicate the results of a remote authentication to other parties expire after a defined time period.
1.0
Defines conformance and assessment criteria for verifying that an organization requires that assertions used to communicate the results of a remote authentication to other parties are not accepted by relying parties if they have expired.
1.0
Defines conformance and assessment criteria for verifying that an organization requires that assertion mechanisms used to communicate the results of a remote authentication to other parties are obtained directly from a trusted entity using a secure protocol.
1.0
Defines conformance and assessment criteria for verifying that an organization requires assertion mechanisms used to communicate the results of a remote authentication to other parties are digitally signed.
1.0
Addresses the requirement for remote management workstations to authenticate at the same level of assurance required by the system.
1.0
Addresses the requirement that for organization PKI certificate authorities (CAs), the authentication of the Subscriber must meet the requirements specified for Subscriber authentication in the Organization CP.
1.0
Addresses the requirement that for organization PKI certificate authorities (CAs), the authentication of the Subscriber must meet the requirements specified for Subscriber authentication in the X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA)
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator content protection as related to overall identification and authentication requirements.
1.0