Seal

Guidance Documents
Vol. 34 Iss. 16 - April 02, 2018

SECRETARY OF TECHNOLOGY

The following guidance documents were developed by the Identity Management Standards Advisory Council (IMSAC), on behalf of the Secretary of Technology, pursuant to §§ 2.2-436 and 2.2-437 of the Code of Virginia. The guidance documents establish minimum specifications for digital identity systems so as to warrant liability protection pursuant to the Electronic Identity Management Act, §§ 59.1-550 through 59.1-555 of the Code of Virginia.

All guidance documents can be viewed and downloaded at no charge through the Virginia Information Technologies Agency (VITA) website at https://www.vita.virginia.gov/about/councils-committees/imsac/documents-and-definitions/. Questions regarding interpretation or implementation of these documents may be directed to Dan Wolf, Policy Director, Virginia Information Technologies Agency, 11751 Meadowville Lane, Chester, VA 23836, FAX (804) 416-6355, or email daniel.wolf@vita.virginia.gov.

IMSAC Guidance Documents:

Digital authentication: Guidance document establishes minimum specifications for authentication within a digital identity system. The minimum specifications conform with National Institute of Standards and Technology Special Publication 800-63-3.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD1Digital-Authentication102417.pdf, 12/1/2017, §§ 59.1-550 through 59.1-555

Identity proofing and verification: Guidance document establishes minimum specifications for identity proofing and verification to enable registration and authentication events within a digital identity system. The minimum specifications conform with National Institute of Standards and Technology Special Publication 800-63A.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD1AIdentityProofingVerification102417.pdf, 12/1/ 2017, §§ 59.1-550 through 59.1-555

Authenticators and lifecycle management: Guidance document establishes minimum specifications for authenticators and lifecycle management within a digital identity system. The minimum specifications conform with National Institute of Standards and Technology Special Publication 800-63B.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD1BAuthenticatorsLifecycleMgt.pdf, 12/1/2017, §§ 59.1-550 through 59.1-555

Digital identity assertions: Guidance document establishes minimum specifications for assertions in a digital identity system. The minimum specifications conform with National Institute of Standards and Technology Special Publication 800-63C.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD1CDigitalIdentityAssertions.pdf, 12/1/2017, §§ 59.1-550 through 59.1-555

Identity trust frameworks: Guidance document establishes minimum specifications for identity trust frameworks supporting digital identity systems.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD2IdentityTrustFrameworks102417.pdf, 12/1/2017, §§ 59.1-550 through 59.1-555

Privacy, security, and confidentiality of identity information: Guidance document establishes minimum specifications for the privacy, security, and confidentiality of identity information within a digital identity system. The minimum specifications apply core provisions of the Commonwealth of Virginia's Information Security Standard 501 (SEC501) and National Institute of Standards and Technology Special Publication 800-53-4.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGDPrivacySecurityConf102417.pdf, pending (Draft Date: 10/24/ 2017), §§ 59.1-550 through 59.1-555

Identity management of nonperson entities: Guidance document establishes minimum specifications for electronic identity management of Non-Person Entities (NPEs) in a digital identity system. The minimum specifications also outline a data model for interoperability and discovery of identity information on NPEs.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGDIdMNonPersonEnitity.pdf, pending (Draft Date 10/24/2017), §§ 59.1-550 through 59.1-555

Certification of trust framework operators: Guidance document establishes criteria and recommended processes for certifying compliance with the Commonwealth’s identity management minimum specifications and standards adopted pursuant to § 2.2-436.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD5CertificationTrustFramework.pdf, pending (Draft Date 10/24/ 2017), §§ 59.1-550 through 59.1-555, § 2.2-436

Trustmarks for digital identity management: Guidance document establishes minimum specifications and standards for trustmarks in digital identity systems, pursuant to the Electronic Identity Management Act.

https://www.vita.virginia.gov/media/vitavirginiagov/about/pdf/IMSACGD6Trustmarks.pdf, pending (Draft Date 10/24/ 2017), §§ 59.1-550 through 59.1-555