Skip to Content.
Sympa Menu

assurance - [Assurance] RE: Bronze/Silver/other Account Populations?

Subject: Assurance

List archive

[Assurance] RE: Bronze/Silver/other Account Populations?


Chronological Thread 
  • From: "Jones, Mark B" <>
  • To: "" <>
  • Subject: [Assurance] RE: Bronze/Silver/other Account Populations?
  • Date: Tue, 9 Oct 2012 13:13:48 -0500
  • Accept-language: en-US
  • Acceptlanguage: en-US

Our plan will be to certify our entire population at the Silver IAP.  Though the policies that must be put in place for this are not always popular Silver sets the bar relatively low.  OMB 0404 describes the LOA that maps to Silver as having only some confidence in the validity of the identity, and these are the accounts we use to access our most valuable systems and data.  Aside from the clear risk justification, we have a state law that requires that we know who is accessing our non-public IT resources.  We think LoA 2 or above is required to claim compliance.

 

From: [mailto:] On Behalf Of Russell J Yount
Sent: Tuesday, October 09, 2012 7:34 AM
To:
Cc: Russell J Yount
Subject: [Assurance] Bronze/Silver/other Account Populations?

 

What goals have institutions set for Bronze or Silver certification of their user populations?  Is your institution planning to have all accounts certified for one IAP or certify only some accounts for each IAP?  What was the rationale behind the decision?

 

-Russ

 

Russell J. Yount <>

Identity Services, Carnegie Mellon University




Archive powered by MHonArc 2.6.16.

Top of Page