Identity Assurance Profiles Standard

Purpose:

Establish multiple levels of assurance for electronic identities, with attributes and requirements for their issuance. Multiple levels are needed to conduct the varied functions of the university, but can be handled without subjecting all users to the most rigorous levels of security.

Scope:

All electronic identities and accounts issued and maintained through the university’s IdM Directory Registry and GatorLink Account processes.

Standard:

See the chart at the bottom of this document for the minimal attribute requirements for each Identity Assurance Profile (IAP) defined in this standard.

Identity Assurance Profiles (IAPs)

UF FISMA Moderate Affiliate

UF FISMA Moderate offers a federally compliant, FISMA Moderate certified proofing and identity level. The user has been certified by UF proofing agents, possesses Multi-Factor Authentication (MFA) capable credentials and has had no events that put those credentials at risk since the most recent proofing. This level is intended to comply with requirements for the NIST Level of Assurance 3 for credentials. UF FISMA Moderate identities are assigned a UF Password Complexity level of P6. Only qualified workforce members as defined in the UF FISMA Moderate Proofing Procedure may be assigned a UF FISMA Moderate profile. The user must also possess the UF FISMA Moderate approved MFA capability prior to proofing.

UF Proofing Agents serving as Registration Authorities for FISMA Moderate profiles must verify a person’s identity and the specified Minimal Attributes Required before granting a UF FISMA Moderate profile credential.

UF Silver Affiliate

UF Silver offers a high level of assurance that an identity maps to the appropriate person and is intended to comply with requirements for the NIST Level of Assurance 2. UF Silver identities are assigned UF Password Complexity level P4 or higher. Only qualified faculty, staff, students and workforce members as defined in the UF Silver Registration Proofing Procedure may be assigned a UF Silver profile.

UF IdM Coordinators serving as Registration Authorities must verify a person’s identity in person and with the specified Minimal Required Attributes before granting a UF Silver profile credential.

UF Bronze Affiliate

UF Bronze is the default profile for active students, employees, and workforce members. The identity must have the Minimal Attributes Required for Bronze and is intended to comply with requirements for the NIST Level of Assurance 1. UF Bronze identities may be assigned any UF Password Complexity level.

No in-person review of the credential is required for UF Bronze.

UF Basic Affiliate

UF Basic Affiliate level is asserted for all active members of the university community who, by virtue of UF entered directory affiliations and the minimal attributes for this IAP, are considered well known enough to the institution to enable Basic access for GatorLink. In these cases, the user is known by virtue of a UF application system or by an IdM Coordinator. Examples include student applicants, library patrons, and other affiliates. This level is also assigned to students and workforce members who do not have the minimal attributes available for the Bronze profile.

UF Self-Asserted

UF Self-Asserted level is granted to people who may need to obtain a GatorLink ID for the mutual benefit of UF and the account holder. The individual has used a UF interface to assert their identity through an online automated interface without vetting from UF representatives. It is used to register for various activities offered through the Learning Support System and for initial contact with UF Applicants for admission. Examples include registrants in non-credit distance learning activities or extension service programs.

UF Guest

UF Guest is a short-term temporary access level for visitors to the UF campus who require temporary access to minimal services. Guests are not eligible for a permanent GatorLink ID and are not listed in the IdM directory registry. Examples are seminar participants needing Internet access.

Guest identities are not eligible for promotion to any other IAP.

Minimal Attributes Required for Each IAP

 
Profiles (chart columns, in order): UF FISMA Moderate, UF Silver, UF Bronze, UF Basic, UF Self-Asserted, UF Guest

Business Name: X, X, X, X, X, X
UFID Number: X, X, X, X, X, X
Date of Birth: X, X, X, X, X
UF business e-mail address: X, X, X, X, X, X
Workplace phone number: X, Employees, Employees
Workplace street address: X, Employees, Employees
Permanent or local street address: X, Students & non-employees, Students & non-employees
Social Security Number OR passport number: X, X, X
Personal e-mail address: X
Mobile phone number (work or personal): X (optional, but must have alternate method of MFA)
MFA type: X

References:

  • IAM-001: Identity Management Policy
  • AC-002.02: Password Complexity Standard
  • NIST 800-63: Electronic Authentication Guideline
  • InCommon Identity Assurance Profiles (Bronze & Silver) 1.1
  • Federal Identity, Credentialing and Access Management Trust Framework Provider for Adoption Process (TFPAP) For Levels of Assurance 1, 2, and Non-PKI 3 Version 1.0.1
  • UF FISMA Moderate Proofing Procedure
  • UF Silver Registration Proofing Procedure

Effective Date:

June 24, 2015