Skip to Content.
Sympa Menu

assurance - Re: [InC Assurance] Assurance Toolkit: What's in it?

Subject: Assurance

List archive

Re: [InC Assurance] Assurance Toolkit: What's in it?


Chronological Thread 
  • From: Mark John Rank <>
  • To:
  • Subject: Re: [InC Assurance] Assurance Toolkit: What's in it?
  • Date: Thu, 4 Aug 2011 10:54:12 -0500 (CDT)

Jim:

Good to know and would be a worthy link.
A brief glance though still has the
"see NIST SP 800-63 Appendix A for complete discussion"
reference.

Regards,
Mark


------------------------------------------
Mark Rank, Middleware Architect
University Information Technology Services
UW-Milwaukee
Email:


Phn: 414-229-3706
------------------------------------------

----- Original Message -----
From: "Jim Basney"
<>
To:

Sent: Thursday, August 4, 2011 10:43:33 AM
Subject: Re: [InC Assurance] Assurance Toolkit: What's in it?

Note also that with the v1.1 InCommon Assurance revisions, the TFPAP
(http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf)
is now our primary reference for LOA definitions, rather than 800-63.

On 8/4/11 9:51 AM, Michael R. Gettes wrote:
> as long as we take care to indicate documents such as 800-63 as the gospel.
> 800-63 is for the feds, not for the rest of us. there exists useful
> guidance within these docs but appropriate care should be taken to not use
> them as "the" way to do things.
>
> /mrg
>
> On Aug 4, 2011, at 10:44, Ann West wrote:
>
>> Yep. Good idea. I assume 800-63 would be used as background or if one
>> wanted to get another take on LoA? Also to understand the providence for
>> Bronze/Silver?
>>
>> I would think OMB-0404 should be included for SPs then and that reminds me
>> that we'll need to include guidance for how to assess services for
>> assurance levels. For instance, I talked to one non-InCommon library
>> vendor about LoA and he thought his abstract service should probably be
>> Silver.
>>
>> Or maybe the market place will sort that out?
>>
>>
>> Ann
>>
>>
>>
>> links to supporting docs (NIST 800-63 for example)
>>
>> Mark
>>
>> ------------------------------------------
>> Mark Rank, Middleware Architect
>> University Information Technology Services
>> UW-Milwaukee
>> Email:
>>
>>
>> Phn: 414-229-3706
>> ------------------------------------------
>>
>> ----- Original Message -----
>> From: "Ann West"
>> <>
>> To:
>>
>> Sent: Thursday, August 4, 2011 9:18:59 AM
>> Subject: [InC Assurance] Assurance Toolkit: What's in it?
>>
>> Hi All,
>>
>> What tools, documents, guidance would you like to see in a toolkit for
>> implementing assurance?
>>
>>
>> Below is a brainstormed list to get us started:
>>
>>
>>
>>
>>
>>
>> - Auditor guidance (what should be in the summary report, how long an
>> audit is expected to take, suggestions from peer auditors)
>> - Submission Templates
>> - Case studies on how others have satisfied the certification requirements
>> - Checklist for certification (includes actions and documents to submit)
>> - Assurance Addendum to Legal agreement
>>
>>
>> What's missing? Needs clarification?
>>
>>
>> Ann
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Ann West
>> Internet2/InCommon/Michigan Tech
>>
>>
>>
>>
>> office: +1.906.487.1726
>>
>
>



Archive powered by MHonArc 2.6.16.

Top of Page