FICAM LOA 2 Token and Credential Management Profile, v1.0

This Trust Interoperability Profile specifies NIST 800-63 LOA 2 requirements on the management of authentication tokens and credentials by CSPs, as adopted by FICAM. This Profile does not the include security control requirements stated in NIST 800-63. Credential storage requirements from NIST 800-63 are not covered in this TIP, but are covered in the NIST 800-63 Token Type Specific Strength and Authentication Profiles, specifically for shared secret tokens.
Publication Date: 2017-05-18
Issuing Organization:
No Responder support@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Keywords: There are no keywords.
Supersedes:
Legal Notice: This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.
Loading...

Trust Expression:

TIP_1 AND TIP_2 AND TD_1 AND TD_2 AND TD_3

References (5)

TIP_1
This Trust Interoperability Profile specifies NIST 800-63 requirements on credential verification services provided by CSPs, for LOAs 1 - 4.
TIP_2
This Trust Interoperability Profile specifies NIST 800-63 LOA 2 requirements on the renewal and re-issuance of tokens and credentials by CSPs.
TD_1
This Trustmark Definition covers requirements on Credential Service Providers (CSPs) for the revocation of tokens and credentials within 72 hours of a CSP becoming notified of a compromise.
TD_2
This Trustmark Definition covers requirements on Credential Service Providers (CSPs) for maintaining token and credential provenance records.
TD_3
This Trustmark Definition covers requirements on Credential Service Providers (CSPs) for retaining token and credential provenance records for seven years and six months.
Also available as XML or JSON