Assurance Implementation Toolkits
This page provides toolkits for the primary parties involved in implementing and using Assurance Profiles:
Auditor Toolkit
Preparing for the Assessment
- Read the Identity Assurance Assessment Framework and the Identity Assurance Profiles.
- Read reference materials (NIST 800-63-1 Electronic Authentication Guidelines).
- Review the Assurance wiki.
- Make sure management has drafted assertions for each requirement, and review those to make sure they address all aspects. Campus Audit staff have also developed an internal report template (IAP version 1.2) to help IdPOs develop the management statements that Audit would then review. This report would not be sent to InCommon, but used as an internal planning tool.
Conducting the Assessment
- Create workpapers documenting the testing performed to validate conformance to the criteria, not just verifying management assertions.
- Track each criterion to identify gaps or conformance.
Applying for Certification
- Write a report to management per the IAAF. AICPA's Statements on Standards for Attestation Engagements is one recommended process that can be used for auditing Silver and, optionally, Bronze. An example report that the IdPO would send to InCommon can be found at AT §601.58.