Appendix E: Digital Identity Level (DIL) Determination

The Digital Identity Level (DIL) is represented on the page below.

system security plan digital identity level page image

Within system-characteristics there must be three entries to the props array as follows:

  • name set to identity-assurance-level and a value set to 1, 2 or 3.
  • name set to authenticator-assurance-level and a value set to 1, 2 or 3.
  • name set to federation-assurance-level and a value set to 1, 2 or 3.
  • The value of all three should match each other and align with the FIPS-199 impact level of the system.

The digital identity level identified in the FedRAMP SSP template document is expressed through the following core OSCAL properties.

OSCAL Representation

YAML:

    system-security-plan:
      system-characteristics:
        props:
        - name: identity-assurance-level
          value: '2'
        - name: authenticator-assurance-level
          value: '2'
        - name: federation-assurance-level
          value: '2'

XML:

    <system-security-plan>
      <metadata>
        <!-- cut CSP Name -->
      </metadata>
      <system-characteristics>
        <!-- System Name & Abbreviation -->
        <system-name>System's Full Name</system-name>
        <system-name-short>System's Short Name or Acronym</system-name-short>
        <!-- FedRAMP Unique Identifier -->
        <system-id identifier-type="http://fedramp.gov">F00000000</system-id>
        <!-- cut Service Model -->
        <!-- cut Deployment Model -->

        <!-- DIL Determination -->
        <prop name="identity-assurance-level" value="1"/>
        <prop name="authenticator-assurance-level" value="1"/>
        <prop name="federation-assurance-level" value="1"/>
        <!-- cut -->
      </system-characteristics>
      <!-- cut -->
    </system-security-plan>

OSCAL Allowed Values

Valid IAL, AAL, and FAL values (as defined by NIST SP 800-63):

  • 1
  • 2
  • 3

XPath Queries

Identity Assurance Level:
    /*/system-characteristics/prop[@name="identity-assurance-level"]/@value
Authenticator Assurance Level:
    /*/system-characteristics/prop[@name="authenticator-assurance-level"]/@value
Federation Assurance Level:
    /*/system-characteristics/prop[@name="federation-assurance-level"]/@value
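The rules and queries above can be checked mechanically before an SSP is submitted. The following is an added example, not FedRAMP's own tooling: the names check_dil and sample_ssp and the impact parameter are hypothetical, the sample documents are constructed, and the low/moderate/high to 1/2/3 mapping is an assumption that this page does not state.

```python
import xml.etree.ElementTree as ET

DIL_PROPS = ("identity-assurance-level",
             "authenticator-assurance-level",
             "federation-assurance-level")
ALLOWED = {"1", "2", "3"}
# Assumption (not stated on this page): low/moderate/high map to level 1/2/3.
ASSUMED_LEVEL = {"low": "1", "moderate": "2", "high": "3"}


def check_dil(ssp_xml, impact=None):
    """Return a list of findings; an empty list means the DIL props pass."""
    root = ET.fromstring(ssp_xml)
    # "{*}" matches any namespace, so namespaced and bare documents both work.
    sc = root.find("{*}system-characteristics")
    if sc is None:
        return ["system-characteristics is missing"]
    findings, values = [], {}
    for name in DIL_PROPS:
        props = [p for p in sc.findall("{*}prop") if p.get("name") == name]
        if len(props) != 1:
            findings.append(f"{name}: expected 1 prop, found {len(props)}")
            continue
        value = (props[0].get("value") or "").strip()
        if value not in ALLOWED:
            findings.append(f"{name}: value {value!r} is not 1, 2 or 3")
        values[name] = value
    if len(values) == len(DIL_PROPS) and len(set(values.values())) > 1:
        findings.append(f"levels do not match each other: {values}")
    expected = ASSUMED_LEVEL.get(impact)
    if expected:
        findings += [f"{n}: {v!r} does not align with {impact} impact"
                     for n, v in values.items() if v != expected]
    return findings


# Constructed sample documents, modelled on the XML snippet on this page.
def sample_ssp(ial, aal, fal):
    return f"""<system-security-plan><system-characteristics>
      <prop name="identity-assurance-level" value="{ial}"/>
      <prop name="authenticator-assurance-level" value="{aal}"/>
      <prop name="federation-assurance-level" value="{fal}"/>
    </system-characteristics></system-security-plan>"""

GOOD, MISMATCH, BAD_VALUE = sample_ssp(2, 2, 2), sample_ssp(2, 1, 2), sample_ssp(4, 4, 4)

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("mismatch", MISMATCH), ("bad", BAD_VALUE)):
        print(label, check_dil(doc, impact="moderate"))
```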