Establish multiple levels of assurance for electronic identities, with attributes and requirements for their issuance. Multiple levels are needed to conduct the varied functions of the university, but can be handled without subjecting all users to the most rigorous levels of security
All electronic identities and accounts issued and maintained through the university’s IdM Directory Registry and GatorLink Account processes.
See the chart at the bottom of this document for the minimal attribute requirements for all each Identity Assurance Profile (IAP) defined in this standard. Eligibility for each IAP is conditional on having an appropriate UF Affiliation, which are listed in the UF Affiliation Reference.
Identity Assurance Profiles (IAPs)
UF FISMA Moderate Affiliate
UF FISMA Moderate offers a federal compliant FISMA Moderate certified proofing and Identity level. The user has been certified by UF proofing agents, possesses Multi-‐‑Factor Authentication (MFA) capable credentials and has had no events to risk those credentials since the most recent proofing. This level is intended to comply with requirements for the NIST Level of Assurance 3 for credentials. UF FISMA Moderate identities are assigned a UF Password Complexity level of P6. Only qualified workforce members as defined in the UF FISMA Moderate Proofing Procedure may be assigned a UF FISMA Moderate profile. The user must also possess the UF FISMA Moderate approved MFA capability prior to proofing.
UF Proofing Agents serving as Registration Authorities for FISMA Moderate profiles
must verify a person’s identity and the specified Minimal Attributes Required before
granting a UF FISMA Moderate profile credential.
UF Blue Assurance
UF Blue offers a high level of assurance that an identity maps to the appropriate person. Qualified faculty, staff, students and workforce members with UF Bronze are assigned the Blue Assurance Level by enrolling in Two-Factor Authentication, and revert to Bronze if Two-Factor Authentication is removed.
UF Bronze Assurance
UF Bronze is the default profile for active students, employees, and workforce members. The identity must have the Minimal Attributes Required, and UF Bronze identities may be assigned any UF Password Complexity level.
No in-person review of the credential is required for UF Bronze.
UF Basic Assurance
UF Basic Affiliate level is granted to anyone who has self-asserted their identity, or for whose identity is known by virtue of UF entered directory affiliations and the minimal attributes for this IAP. Examples include student applicants, library patrons, and selfregistration through a Learning Support System (such as to complete non-credit courses). This level is also assigned to students and workforce members who do not have the minimal attributes available for the Bronze profile.
UF Guest Assurance
UF Guest is a short-term temporary access level, for visitors to the UF campus who require temporary access to minimal services. Guests are not eligible for a permanent GatorLink ID and not listed in the IdM directory registry. Examples are seminar participants needing Internet access.
Guest identities are not eligible for promotion to any other IAP.
Minimal Attributes Required for Each IAP
|UF FISMA Moderate||UF Blue||UF Bronze||UF Basic||UF Guest|
|Date of Birth||X||X||X||X|
|UF business e-mail address||X||X||X||X||X|
|Workplace phone number||X||Only for Employees||Only for Employees|
|Phone Number (workplace or personal)||X||X||X||X||X|
|Social Security Number OR Passport Number||X||X||X|
|Personal e-mail address||X|
|Two-Factor Authentication Required||X||X|
- IAM-001: Identity Management Policy
- UF Affiliations Reference http://identity.it.ufl.edu/identity-coordination/uf-directoryaffiliations/reference/
- AC-002.02: Password Complexity Standard
- NIST 800-63: Electronic Authentication Guideline
- Federal Identity, Credentialing and Access Management Trust Framework Provider for Adoption Process (TFPAP) For Levels of Assurance 1, 2, and Non-PKI 3 Version 1.0.1
- UF FISMA Moderate Proofing Procedure
- UF Blue Registration and Proofing Procedure
January 24, 2018