Trust Fabric Expiration

The NIEF Cryptographic Trust Fabric Management Policy (Section 2.4.2) specifies that the NIEF Trust Fabric will be revised every 30 days or sooner as needed to accommodate updates. The trust fabric signing happens on an offline, air-gapped certificate authority as specified within the NIEF Certificate Policy. Due to the ongoing COVID-19 crisis, and a mandate to work from home as much as possible, the use of the air-gapped certificate authority system is more difficult. It is still critical that the trust fabric expire within some amount of time and that it be regenerated and republished prior to expiration, but to accommodate the working conditions of the COVID-19 crisis, we are relaxing the requirement within Section 2.4.2 and currently extending the period to 60 days. This may be extended further in the coming months if appropriate. Please direct any questions or concerns to

New NIST 800-63-3 Assurance Level Attributes

As you may know, NIST recently published a new version of the NIST SP 800-63 specification. To better align with the new levels of assurance that this updated specification defines, NIEF has defined three new assurance level attributes within the NIEF Attribute Registry as a new Assurance Level Attribute Bundle.  NIEF encourages participating Identity Providers to add support for these new attributes.  These attributes do not map precisely to the legacy assurance attributes, but many of the same underlying security principles dictate the appropriate levels of assurance.  If you have any concerns about what levels of assurance are appropriate for your IDP to assert, feel free to reach out to

Announcing Availability of TXMAP to NIEF Members

We are pleased to announce the availability of the Texas Department of Public Safety’s TXMAP web mapping application. TXMAP is a multi-faceted data mapping and reporting tool.  It provides users access to a variety of data ranging from secure critical infrastructure and law enforcement data to public data such as registered sex offender home addresses.  TXMAP can provide value to law enforcement agencies, public safety organizations, emergency management groups, and others.

To gain access to TXMAP, your IDP must provide the minimal required set of attributes as per TXMAP auditing requirements. This includes given name, surname, email, employer name, federation id, and identity provider id.  TXMAP grants additional privileges to users that have additional attributes including ORI, identity proofing assurance level, electronic authentication assurance level, PCII Certification Indicator, Sworn LEO, and Public Safety Officer.

If your organization needs to update its local trust stores, you can find the NIEF trust fabric entry for TXMAP within the NIEF Trust Fabric Registry and in the NIEF Trust Fabric file.

If you have any questions about TXMAP and NIEF, or if you encounter any problems while trying to configure your IDP for access to TXMAP, please contact us at

New NIEF Signing Certificate / Key Pair

The X.509 certificate and key used to sign the NIEF trust fabric have been updated. During the deployment of new trust fabric management tools for FICAM compliance, the old key was deleted, requiring a new key to be created. There is no security risk in trusting the old NIEF certificate, but it will no longer be in use. The new NIEF certificate is available for download from the NIEF Trust Fabric page. All NIEF members should update their SAML systems to trust the new certificate.

Please contact if you have any concerns or need any assistance in updating your SAML systems.


Migration to SHA-256

In accordance with NIST SP 800-131A, NIEF will be migrating away from the use of SHA-1 by the end of 2013. The NIEF trust fabric will no longer be published using SHA-1 digital signatures, and members of NIEF will be validated to ensure their SAML operations are using SHA-256 as their onboarding is updated for FICAM compliance.

Please direct any questions or concerns to