...
Impact Categories | Significant | Impact | Assurance Level |
|---|---|---|---|
Inconvenience, distress or damage to standing or reputation | Low No | Mod | 2/3 |
Financial loss or agency liability | Low No | Mod | 2/3 |
Agency liability | Low No | Mod | 2/3 |
Harm to agency programs or public interests | N/A No | Low | 2 |
Unauthorized release of sensitive information | N/A No | Low | 2 |
Personal Safety | N/A | N/A | |
Civil or criminal violations | N/A No | Low Moderate | 2 3 |
Proposed OMB Assurance Level to Mitigate Business Risk
Lowest Assurance Level that Mitigates All Impact Categories | Mitigating Controls | Proposed Appropriate Assurance Level with Consideration of Mitigating Controls | Proposed E-signature Approach Alternative |
|---|---|---|---|
Level 2: Some 3---...appropriate for transactions needing high confidence in the asserted identity's validity accuracy. People may use Level 3 credentials to access restricted web services without the need for additional identity assertion controls. | Multiple sources of information, some with counter-balancing incentives. | Level 2: Some confidence in the asserted identity's validity ---On balance, confidence exists that the asserted identity is accurate. Level 2 credentials are appropriate for a wide range of business with the public where agencies require an initial identity assertion (the details of which are verified independently prior to any Federal action). | NPS-like |