Appendix E: Digital Identity Level (DIL) Determination
The digital identity level identified in the FedRAMP SSP template document, illustrated in the figure below, isexpressed through the following core OSCAL properties.
OSCAL Representation
<system-security-plan>
<metadata>
<!-- cut CSP Name -->
</metadata>
<system-characteristics>
<!-- System Name & Abbreviation -->
<system-name>System's Full Name</system-name>
<system-name-short>System's Short Name or Acronym</system-name-short>
<!-- FedRAMP Unique Identifier -->
<system-id identifier-type="http://fedramp.gov">F00000000</system-id>
<!-- cut Service Model -->
<!-- cut Deployment Model -->
<!-- DIL Determination -->
<prop name="identity-assurance-level" value="1"/>
<prop name="authenticator-assurance-level" value="1"/>
<prop name="federation-assurance-level" value="1"/>
<!-- cut -->
</system-characteristics>
<!-- cut -->
</system-security-plan>
OSCAL Allowed Values
Valid IAL, AAL, and FAL values (as defined by NIST SP 800-63):
- 1
- 2
- 3
XPath Queries
Identity Assurance Level:
/*/system-characteristics/prop[@name="identity-assurance-level"]/@value
Authenticator Assurance Level:
/*/system-characteristics/prop[@name="authenticator-assurance-level"]/@value
Federation Assurance Level:
/*/system-characteristics/prop[@name="federation-assurance-level"]/@value