New NIST 800-63-3 Assurance Level Attributes

As you may know, NIST recently published a new version of the NIST SP 800-63 specification. To better align with the new levels of assurance that this updated specification defines, NIEF has defined three new assurance level attributes within the NIEF Attribute Registry as a new Assurance Level Attribute Bundle.  NIEF encourages participating Identity Providers to add support for these new attributes.  These attributes do not map precisely to the legacy assurance attributes, but many of the same underlying security principles dictate the appropriate levels of assurance.  If you have any concerns about what levels of assurance are appropriate for your IDP to assert, feel free to reach out to help@nief.org.

New NIEF Signing Certificate / Key Pair

The X.509 certificate and key used to sign the NIEF trust fabric have been updated. During the deployment of new trust fabric management tools for FICAM compliance, the old key was deleted, requiring a new key to be created. There is no security risk in trusting the old NIEF certificate, but it will no longer be in use. The new NIEF certificate is available for download from the NIEF Trust Fabric page. All NIEF members should update their SAML systems to trust the new certificate.

Please contact help@gfipm.net if you have any concerns or need any assistance in updating your SAML systems.

 

Migration to SHA-256

In accordance with NIST SP 800-131A, NIEF will be migrating away from the use of SHA-1 by the end of 2013. The NIEF trust fabric will no longer be published using SHA-1 digital signatures, and NIEF members will be validated to ensure that their SAML operations use SHA-256 as their onboarding is updated for FICAM compliance.

Please direct any questions or concerns to help@gfipm.net.
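
One way a member could check which algorithms a signed SAML document declares before the SHA-256 validation described above. This is an added example, not NIEF tooling: the function names and the sample document are constructed for illustration, and the script only reads the declared XML Signature algorithm URIs; it does not verify the signature itself.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# W3C XML Signature algorithm identifiers
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA1_URIS = {RSA_SHA1, DSA_SHA1, DIGEST_SHA1}
SHA256_URIS = {RSA_SHA256, DIGEST_SHA256}

def audit_signature_algorithms(xml_text):
    """List (element, algorithm URI, verdict) for every ds:SignatureMethod / ds:DigestMethod."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag in (DS + "SignatureMethod", DS + "DigestMethod"):
            uri = elem.get("Algorithm", "")
            if uri in SHA1_URIS:
                verdict = "sha1"
            elif uri in SHA256_URIS:
                verdict = "sha256"
            else:
                verdict = "other"  # not classified here; review by hand
            findings.append((elem.tag[len(DS):], uri, verdict))
    return findings

def uses_only_sha256(xml_text):
    """True only if the document is signed and every declared algorithm is SHA-256 based."""
    findings = audit_signature_algorithms(xml_text)
    return bool(findings) and all(v == "sha256" for _, _, v in findings)

def sample_metadata(sig_alg, digest_alg):
    """Constructed sample: a minimal signed metadata skeleton (signature values omitted)."""
    return f"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
    <ds:Reference URI=""><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    # Half-migrated case: digest moved to SHA-256, signature method still SHA-1.
    for name, uri, verdict in audit_signature_algorithms(sample_metadata(RSA_SHA1, DIGEST_SHA256)):
        print(f"{name:16} {verdict:7} {uri}")
```

A document with the digest upgraded but the signature method left at rsa-sha1 still fails the check, as does an unsigned document.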