assurance - RE: [Assurance] Silver assurance and process compliance

Subject: Assurance

List archive

RE: [Assurance] Silver assurance and process compliance

From: "Roy, Nicholas S" <>
To: "" <>
Subject: RE: [Assurance] Silver assurance and process compliance
Date: Thu, 29 Mar 2012 18:26:53 +0000
Accept-language: en-US

To paraphrase one of the auditors who's been really closely involved in the
process, Silver is Silver, it's not NIST LoA 2 from 800-63.

Nick

-----Original Message-----
From:

[mailto:]
On Behalf Of Tom Scavo
Sent: Monday, March 26, 2012 6:41 PM
To:

Subject: Re: [Assurance] Silver assurance and process compliance

Hi Eric,

> I still would love to see some general guidelines out of InCommon
> (either the formal project group or us as a general user community)
> on specific practices

I'm not exactly sure what you're looking for but I would recommend not
veering too far from the Identity Assurance Profile (IAP) since it is the
definitive document throughout the entire process. It is what your auditor
will audit against, and at the end of the day, the Assurance Program awards
certifications for compliance with the IAP.

Others have suggested that sites engage their auditors early in the process.
I think that's excellent advice.

Tom

[Assurance] Silver assurance and process compliance, Eric Goodman, 03/19/2012
- RE: [Assurance] Silver assurance and process compliance, Roy, Nicholas S, 03/22/2012
- RE: [Assurance] Silver assurance and process compliance, Jones, Mark B, 03/23/2012
  - Re: [Assurance] Silver assurance and process compliance, Eric Goodman, 03/26/2012
    - Re: [Assurance] Silver assurance and process compliance, Tom Scavo, 03/26/2012
      - RE: [Assurance] Silver assurance and process compliance, Roy, Nicholas S, 03/29/2012
    - RE: [Assurance] Silver assurance and process compliance, Jones, Mark B, 03/26/2012
    - Re: [Assurance] Silver assurance and process compliance, Ann West, 03/30/2012

List archive

RE: [Assurance] Silver assurance and process compliance