![]() ![]() Q-B07: Is use of knowledge-based authentication permitted? Q-B06: Are password composition rules no longer recommended? Q-B05: Is password expiration no longer recommended? Q-B04: What is verifier impersonation resistance? Q-B02: Can you provide a more detailed description of “risk-based or adaptive authentication techniques” as mentioned in NIST SP 800-63B? Q-B01: What is a RESTRICTED authenticator and what do providers have to do differently if they use one? Q-A4: How can knowledge-based verification (KBV) be used in identity proofing at IAL2 or IA元? Q-A3: If employees’ fingerprints are collected for a background investigation, is it necessary for a CSP to do an additional fingerprint check? Q-A2: What is the difference between supervised remote identity proofing and unsupervised remote identity proofing? Q-A1: What is the difference between the conventional proofing process and using a trusted referee at IAL2? Q-7: Are CSPs (or operators of CSPs) required to be United States citizens? Q-6: Is there a template you can share that reflects the new assurance levels, impact levels, etc. ![]() ![]() Q-5: Are usernames considered personal information? Q-4: Should I always use the highest xAL? How do I know which xAL to choose? Q-3: When does SP 800-63 apply to federal agencies? Q-1: Why were identity proofing, authentication, and federation separated into distinct categories? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |