Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8736

Number 9-8-8736
Priority Critical
Description Identity Information Access Control: Service Providers should ensure that identity information is only be accessible to authorized entities subject to applicable regulation and policy. Specifically,
(a) an entity (e.g., relying party or requesting party) requesting identity data should be authenticated, and its authorization to obtain the requested information verified before access to the information is provided or the requesting identity data is exchanged.
(b) policy and rules for requesting and exchanging identity data among multiple parties involved (e.g., users, relying party and identity provider) should be clearly defined and enforced.
Network Type(s) Cable; Internet/Data; Satellite; Wireless; Wireline
Industry Role(s) Service Provider
Keyword(s) Cyber Security;Encryption;Information Protection;Intrusion Detection;
Reference/Comments ITU-T Y.2720, NGN Identity Management Framework
ITU-T Y.2721, NGN Identity Management Requirements and Use Cases
ATIS-1000035, NGN Identity Management Framework