Versions Compared

Version Old Version 27 New Version 28
Changes made by

Larry Talley - NOAA Federal

Larry Talley - NOAA Federal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Lowest Assurance Level that Mitigates All Impact Categories

Mitigating Controls

Appropriate Assurance Level with Consideration of Mitigating Controls

Proposed E-signature Alternative

Level 3---...appropriate for transactions needing high confidence in the asserted identity's accuracy. People may use Level 3 credentials to access restricted web services without the need for additional identity assertion controls.

Multiple sources of information, some with counter-balancing incentives.  The VMS system provides independent confirmation of the vessel's location. Mandatory landing reports (fish tickets) provide independent confirmation of retained catch.

Vessels reporting are permitted and have an ongoing "trusted relationship" with NMFS.

NMFS has established a certification process for e-logbook applications.  When certified (trusted) software is capturing and accumulating data locally, and the accumulated data is then transferred on portable media from the vessel to NMFS, there are many fewer vulnerabilities than would exist in a typical online system.

Approved e-logbook software solutions are required to contain a unique identifier for each e-logbook installation.  Through this unique identifier each logbook submission can be tied to a particular instance of the e-logbook software, and therefore to a particular vessel.

Level 2---On balance, confidence exists that the asserted identity is accurate. Level 2 credentials are appropriate for a wide range of business with the public where agencies require an initial identity assertion (the details of which are verified independently prior to any Federal action).


NPS-like