cite #ri Registration and Issuance
- 1) A trusted relationship always exists between the RA and Identity Provider.
- Mechanisms and policies should be in place to ensure each party and its obligations are known to the other.
- 2) Sensitive data collected during the registration stage must be protected at all times (e.g. transmission and storage) to ensure its security and privacy.
- Sufficiently protect all sensitive data including PII (as defined by the Federal Government; See Appendix C) obtained during registration.
- 3) Resist token issuance disclosure threat.
- Issue token in a manner that protects confidentiality of information.
- 4) Resist token issuance tampering threat.
- Establish a procedure that allows the Subscriber to authenticate the CSP as the source of any token and credential data that he or she may receive.
- 5) Resist unauthorized token issuance threat.
- Establish procedures to ensure that the individual who receives the token is the same individual who participated in the registration procedure.
- 6) Some effort should be made to uniquely identify and track applications.
- “Applications” means “requests for token”. The intent is to ensure that the same party acts as Applicant throughout the registration, and token and credential issuance processes.
- 1) Resist token duplication threat.
- Protect against a Subscriber’s token being copied with or without his or her knowledge (e.g., use tokens that are hard to copy).
- 2) Resist social engineering threat.
- Protect against an Attacker establishing a level of trust with a Subscriber in order to convince the Subscriber to reveal his or her token or token secret.
- 3) For memorized secret tokens, pre-registered knowledge tokens, look-up secret tokens, and out of band tokens, the probability that an Attacker can guess a valid authenticator, over the lifetime of the token, must be less than 2-10 (1 in 1024).
- The maximum probability that, over the life of the password, an Attacker with no a priori knowledge of the password will succeed in an in-band password guessing attack. See NIST SP 800-63 Appendix A for complete discussion
cite #tcm Token and Credential Management
- 1) Files of shared secrets used by Verifiers shall be protected by discretionary access controls that limit access to administrators and only to those applications that require access. Such shared secret files shall not contain the plaintext passwords.
- Sufficiently protect shared secrets such as passwords.
- 2) Long term token secrets should not be shared with other parties unless absolutely necessary.
- Any secret (e.g., password, PIN, key) involved in authentication shall not be disclosed to third parties by verifier or CSP, unless absolutely necessary and appropriate (e.g., with Federal ICAM infrastructure elements).
cite #ap Authentication Process
- 1) Resist online guessing threat.
- Protect against an Attacker performing repeated logon trials by guessing possible values of the token authenticator.
- 2) Resist replay threat.
- Protect against an Attacker being able to replay previously captured messages (between a legitimate Claimant and a Verifier) to authenticate as that Claimant to the Verifier.
- 3) Successful authentication requires that the Claimant shall prove, through a secure authentication protocol, that he or she controls the token.
- Ensure that the Claimant (person being authenticated) actually possesses the token.
- 4) Plaintext passwords or secrets shall not be transmitted across a network.
- A network is an open communications medium, typically the Internet, used to transport messages between the Claimant and other parties.
- 1) Use an ICAM adopted authentication scheme.
- Use of any ICAM adopted authentication scheme defined for this assurance level is acceptable.