InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

Presentation transcript:

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker

InCommon Assurance Certification
- What is it?
- Why would I want it?
- How do I get it?

Assurance certification: What is it?
- Designation by InCommon that an Identity Provider meets the criteria for one or more of the InCommon Identity Assurance Profiles (IAP), Bronze and Silver
- Evidence that the IdP meets a standard for higher education recognized by the federal government
- Identity Assurance Qualifier added to the Identity Provider's InCommon metadata by InCommon

Assurance certification: Why would I want it?
- Improve identity & access management processes
- Improve security surrounding campus credentials
- Implement best practices for higher ed
- Allow access to federated services that require it
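As an added example (not part of the presentation), here is the check a service provider would make against the Identity Assurance Qualifier that InCommon adds to a certified IdP's metadata: it reads the assurance-certification entity attribute out of a constructed metadata aggregate and tells a service that requires Silver whether a given IdP carries that qualifier. The entity IDs are placeholders; the entity attribute name and the Bronze/Silver IAQ URIs are the ones InCommon published and are not on this page.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Entity attribute from the SAML Identity Assurance Profiles spec; InCommon IAQ values.
ASSURANCE_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
BRONZE = "http://id.incommon.org/assurance/bronze"
SILVER = "http://id.incommon.org/assurance/silver"

# Constructed sample aggregate (entity IDs are placeholders): one IdP tagged
# Bronze and Silver by the federation operator, one with no qualifier.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://idp.certified.example.edu/idp/shibboleth">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="{ASSURANCE_ATTR}"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>{BRONZE}</saml:AttributeValue>
          <saml:AttributeValue>{SILVER}</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.plain.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def assurance_qualifiers(metadata_xml):
    """Map each IdP entityID in the aggregate to the set of IAQ values it carries."""
    qualifiers = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if entity.find("md:IDPSSODescriptor", NS) is None:
            continue  # only IdP roles are assurance-certified
        iaqs = set()
        for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            if attr.get("Name") == ASSURANCE_ATTR:
                iaqs.update(v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text)
        qualifiers[entity.get("entityID")] = iaqs
    return qualifiers


def idp_certified_for(metadata_xml, entity_id, required_iaq):
    """True only when the IdP appears in the metadata and carries the required IAQ."""
    return required_iaq in assurance_qualifiers(metadata_xml).get(entity_id, set())
```

The qualifier is only meaningful when the metadata comes from InCommon's signed aggregate, because InCommon, not the IdP operator, is the party that adds it.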

Assurance helps manage risk in the cloud.

Assurance certification: How do I get it?
1. Join the InCommon Federation
2. Support an Identity Provider with SAML/Shibboleth
3. Read the Identity Assurance Assessment Framework and the Identity Assurance Profiles
4. Evaluate scope: Bronze and/or Silver, users, credentials
5. Start a project

InCommon Assurance Project
- High-level sponsor
- Scope definition
- Audit (Silver) or attestation
- Gap analysis
- Management assertions
- Alternative means?
- Submission

Sponsorship
- Enlist the support of friends in high places: the Vice President for Information Technology & CIO.
- The project will span units outside your own:
  - Human Resources and/or Payroll: employee identities
  - Registrar/Provost: student identities
  - ID card-issuing office
  - IT Security Office
  - Internal (?) Audit

Define Scope
- Which users will get Assurance?
- What assurance level do they need? (Bronze, Silver, both?)
- What credentials will they use?

Audit or Attestation?
- Silver requires an audit: the auditor's opinion attests to the Management Assertions.
- Bronze requires attestation, but an audit can be done.
- The "attester" checks the Bronze box on the InCommon Operations Data Form and signs the Assurance Addendum.
- Attester = the executive or person who signed the InCommon Participant Agreement

Gap Analysis: IAP Criteria
- Business, Policy and Operational Criteria
- Registration and Identity Proofing (primarily Silver)
- Credential Technology
- Credential Issuance and Management
- Authentication Process
- Identity Information Management
- Assertion Content
- Technical Environment (Silver only)

For each subsection...
- Do we meet the criteria?
  - Yes: What/where is the supporting evidence? Technical, documentation
  - No: What work needs to be done? Technical? Documentation? Policy?
- Effort: major, moderate, or minor
- Who will do the work?
- When will the work be completed?

Management Assertions
- InCommon Participant: Virginia Tech is an InCommon Participant in good standing.

Evidence of compliance
- InCommon Participant: On [date], Virginia Tech received a copy of the completed InCommon Participant Agreement, signed by John Doe of Virginia Tech and John Krienke, InCommon CEO. The most recent membership payment of $xxxx.00 was made on [date], with PO xxxxx. Virginia Tech is in compliance with other contractual obligations to InCommon, including posting the InCommon Participant Operational Practices.

Alternative Means
- Equivalent or stronger methods to satisfy criteria in the IAP:
  - Multi-factor
  - Active Directory
  - Your alternative means here...

Alternative Means submission
- Prior to applying for certification
- At the time of application
- Community contribution
- See alternativemeans.html

Audit Report
- Date
- Auditor identification and qualifications
- Outline of audit methodology
- Statement of whether the IdPO conforms with all requirements of each IAP (Bronze, Silver)
- See IAAF Section

Application Packet
- Bronze: Assurance Addendum
- Silver: audit summary; Assurance Addendum (must also apply for Bronze); alternative means, if applicable
- The approval process takes approximately one month.

Resources
- The program: e/
- The Assessment Framework (IAAF): AF.pdf
- Identity Assurance Profiles (IAP): P.pdf

Resources, continued...
- Gap Analysis Templates: ance/Gap+Analysis+Templates
- Generalized Management Assertions: ance/Generalized+Management+Assertions
- Alternative Means: e/alternativemeans.html

Resources, continued...
- Submission: see the FAQ, e/faq.html
- Audit requirements: see IAAF section 4.2
- Assurance Addendum and US FICAM Privacy Assurance Criteria: urance/Assurance_Addendum.pdf

Resources, continued...
- Virginia Tech Assurance Implementation Example: ance/Assurance+Implementation+Example+-+Virginia+Tech
- CAS integration: -CAS+Integration