Please find the policies strengths and weaknesses, this is for an Audit report:

Purpose:

Establish multiple levels of assurance for electronic identities, with attributes and requirements for their issuance. Multiple levels are needed to conduct the varied functions of the university, but can be handled without subjecting all users to the most rigorous levels of security.

Scope:

All electronic identities and accounts issued and maintained through the universitys IdM Directory Registry and GatorLink Account processes.

Standard:

See the chart at the bottom of this document for the minimal attribute requirements for all each Identity Assurance Profile (IAP) defined in this standard.

Identity Assurance Profiles (IAPs)

UF FISMA MODERATE AFFILIATE

UF FISMA Moderate offers a federal compliant FISMA Moderate certified proofing and Identity level. The user has been certified by UF proofing agents, possesses Multi-Factor Authentication (MFA) capable credentials and has had no events to risk those credentials since the most recent proofing. This level is intended to comply with requirements for the NIST Level of Assurance 3 for credentials. UF FISMA Moderate identities are assigned a UF Password Complexity level of P6. Only qualified workforce members as defined in the UF FISMA Moderate Proofing Procedure may be assigned a UF FISMA Moderate profile. The user must also possess the UF FISMA Moderate approved MFA capability prior to proofing.

UF Proofing Agents serving as Registration Authorities for FISMA Moderate profiles must verify a persons identity and the specified Minimal Attributes Required before granting a UF FISMA Moderate profile credential.

UF SILVER AFFILIATE

UF Silver offers a high level of assurance that an identity maps to the appropriate person and is intended to comply with requirements for the NIST Level of Assurance 2. UF Silver identities are assigned UF Password Complexity level P4 or higher. Only qualified faculty, staff, students and workforce members as defined in the UF Silver Registration Proofing Procedure may be assigned a UF Silver profile.

UF IdM Coordinators serving as Registration Authorities must verify a persons identity in person and with the specified Minimal Required Attributes before granting a UF Silver profile credential.

UF BRONZE AFFILIATE

UF Bronze is the default profile for active students, employees, and workforce members. The identity must have the Minimal Attributes Required for Bronze and is intended to comply with requirements for the NIST Level of Assurance 1. UF Bronze identities may be assigned any UF Password Complexity level.

No in-person review of the credential is required for UF Bronze.

UF BASIC AFFILIATE

UF Basic Affiliate level is asserted for all active members of the university community who, by virtue of UF entered directory affiliations and the minimal attributes for this IAP, are considered well known enough to the institution to enable Basic access for GatorLink. In these cases, the user is known by virtue of a UF application system or by an IdM Coordinator. Examples include student applicants, library patrons, and other affiliates. This level is also assigned to students and workforce members who do not have the minimal attributes available for the Bronze profile.

UF SELF-ASSERTED

UF Self-Asserted level is granted to people who may need to obtain a GatorLink ID for the mutual benefit of UF and the account holder. The individual has used a UF interface to assert their identity through an online automated interface without vetting from UF representatives. It is used to register for various activities offered through the Learning Support System and for initial contact with UF Applicants for admission. Examples include registrants in non-credit distance learning activities or extension service programs.

UF GUEST

UF Guest is a short-term temporary access level, for visitors to the UF campus who require temporary access to minimal services. Guests are not eligible for a permanent GatorLink ID and not listed in the IdM directory registry. Examples are seminar participants needing Internet access.

Guest identities are not eligible for promotion to any other IAP.

UF Self UF FISMA Moderate UF Silver UF Bronze Basic Asserted Guest Business Name UFID Number Date of Birth UF business e- mail address Workplace Employees Employees phone number Workplace Employees Employees street address Permanent or local street address Students &Students & non employees employees non Social Security Number OR passport number Personal e-mail address Mobile phone number (work or personal) X (optional, but must have alternate method of MFA) MFA type