Assurance

[Arlene Allen <>]

Is it going to be updated or finalized? That doc says that it is a Sept 
2009 Release Candidate.

On 8/4/2011 8:43 AM, Jim Basney wrote:
> Note also that with the v1.1 InCommon Assurance revisions, the TFPAP
> (http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf)
> is now our primary reference for LOA definitions, rather than 800-63.
>
> On 8/4/11 9:51 AM, Michael R. Gettes wrote:
> > as long as we take care to indicate documents such as 800-63 as the gospel.  800-63 is 
> > for the feds, not for the rest of us.  there exists useful guidance within these docs 
> > but appropriate care should be taken to not use them as "the" way to do 
> > things.
> >
> > /mrg
> >
> > On Aug 4, 2011, at 10:44, Ann West wrote:
> >
> > > Yep. Good idea. I assume 800-63 would be used as background or if one wanted 
> > > to get another take on LoA? Also to understand the providence for 
> > > Bronze/Silver?
> > >
> > > I would think OMB-0404 should be included for SPs then and that reminds me 
> > > that we'll need to include guidance for how to assess services for assurance 
> > > levels. For instance, I talked to one non-InCommon library vendor about LoA 
> > > and he thought his abstract service should probably be Silver.
> > >
> > > Or maybe the market place will sort that out?
> > >
> > >
> > > Ann
> > >
> > >
> > >
> > > links to supporting docs  (NIST 800-63 for example)
> > >
> > > Mark
> > >
> > > ------------------------------------------
> > > Mark Rank, Middleware Architect
> > > University Information Technology Services
> > > UW-Milwaukee
> > > Email: 
> > >
> > > Phn:  414-229-3706
> > > ------------------------------------------
> > >
> > > ----- Original Message -----
> > > From: "Ann 
> > > West"<>
> > > To: 
> > >
> > > Sent: Thursday, August 4, 2011 9:18:59 AM
> > > Subject: [InC Assurance] Assurance Toolkit: What's in it?
> > >
> > > Hi All,
> > >
> > > What tools, documents, guidance would you like to see in a toolkit for 
> > > implementing assurance?
> > >
> > >
> > > Below is a brainstormed list to get us started:
> > >
> > >
> > >
> > >
> > >
> > >
> > > - Auditor guidance (what should be in the summary report, how long an audit 
> > > is expected to take, suggestions from peer auditors)
> > > - Submission Templates
> > > - Case studies on how others have satisfied the certification requirements
> > > - Checklist for certification (includes actions and documents to submit)
> > > - Assurance Addendum to Legal agreement
> > >
> > >
> > > What's missing? Needs clarification?
> > >
> > >
> > > Ann
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Ann West
> > > Internet2/InCommon/Michigan Tech
> > >
> > >
> > > office: +1.906.487.1726

--
Arlene Allen
Director, IS&C / OIST
University of California, Santa Barbara
805.893.2062 office
805.451.7471 cell