AAF Boost‎ > ‎

Compliance requirements

Are you aware of the additional compliance requirements for issuing higher levels of assurance (LoA2)?

Every year all federation subscribers must submit a statement of compliance to the rules of the federation. It is a statement of the institution that they have examined the compliance of its system, processes and documentation against its obligations under the Federation Rules, and certifies that on a particular date, it is fully compliant with the Federation Rules.

When issuing higher levels of assurance your institution must complete and submit the Extended Compliance Template. This extended compliance requires the institution to examined the compliance of its system and processes against the requirements in NIST SP 800-63-2 and certifies that on a particular date, it is compliant with the requirements for that assurance level in respect of those users. In addition a copy of the institution's practice statement detailing these processes must also be attached.

                   NIST Electronic Authentication Guideline, NIST SP - 800-63-2
                         Extended Compliance Statement Template