Basic Software |
This credential offers a basic level of assurance where risks and consequences of data compromise are not considered to be of major significance. Private keys are stored in a FIPS 140-2 level 1 software module. |
LoA 3 |
IAL 2 |
AAL 2 |
- Permits Remote ID Proofing
- Applicant provides document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
- Documents must be valid and unexpired
- Documents must be verified with the issuer or other authoritative source
- Issuer sends enrollment code to the postal address of record
|
|
 |
Basic Hardware |
This credential offers a basic level of assurance where risks and consequences of data compromise are not considered to be of major significance. Private keys are stored in a FIPS 140-2 level 2 or higher HSM and require two-factor authentication to activate the private key. |
LoA 3 |
IAL 2 |
AAL 3 |
- Permits Remote ID Proofing
- Applicant provides document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
- Documents must be valid and unexpired
- Documents must be verified with the issuer or other authoritative source
- Issuer sends enrollment code to the postal address of record
|
|
|
Medium Software |
This credential is appropriate for environments where risks and consequences of data compromise are moderate. Private keys are stored in a FIPS 140-2 level 1 software module and require two-factor authentication to activate the private key. |
LoA 3 |
IAL 2 |
AAL 2 |
- In-person ID Proofing
- One national government-issued picture ID or two non-national government-issued IDs
- ID information is verified to ensure legitimacy
- All documentation must be valid and unexpired
|
$1,000,000 USD per incident
OR
$1,000 USD per transaction |
|
Medium Hardware |
Highest assurance level assessed by SAFE. This credential offers maximum security for both identity proofing and private key protection when transacting with high value assets and information. Private keys are stored in a FIPS 140-2 level 2 or higher HSM and require two-factor authentication to activate the private key. |
LoA 4 |
IAL 2 |
AAL 3 |
- In-Person ID Proofing
- One national government-issued picture ID or two non-national government-issued IDs
- ID information is verified to ensure legitimacy
- All documentation must be valid and unexpired
|
$1,000,000 USD per incident
OR
$1,000 USD per transaction |
 |
Machine Medium Software |
This level is associated with non-human subscribers (devices) that operate in environments where risks and consequences of data compromise are moderate. This may include transactions involving access to private information where the likelihood of malicious access is substantial. At this level, there must be a human sponsor who takes responsibility for the device and who undergoes an in-person identity proofing process on behalf of the device. Private keys are stored in a software cryptographic module on the device. |
LoA 3 |
IAL 2 |
AAL 2 |
Machine Operators:
- In-person ID proofing
- Personal credential with an assurance level equal to or higher than that being requested for the machine
- Machine ID and attributes (if any)
|
$1,000,000 USD per incident
OR
$1,000 USD per transaction |
|
Machine Medium Hardware |
This level is associated with non-human subscribers (devices) that operate in environments where risks and consequences of data compromise are moderate. This may include transactions involving access to private information where the likelihood of malicious access is substantial. At this level, there must be a human sponsor who takes responsibility for the device and who undergoes an in-person identity proofing process on behalf of the device. Private keys are stored in an embedded hardware module on the device. |
LoA 4 |
IAL 2 |
AAL 3 |
Machine Operators:
- In-person ID proofing
- Personal credential with an assurance level equal to or higher than that being requested for the machine
- Machine ID and attributes (if any)
|
$1,000,000 USD per incident
OR
$1,000 USD per transaction |
|
Group Basic Software |
Similar to Basic Software, this assurance level is relevant to environments where risks and consequences of data compromise are not considered of major significance and hardware-based cryptographic modules are not practical. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature. |
LoA 3 |
IAL 2 |
AAL 2 |
- Permits Remote ID Proofing
- There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
- Group Sponsor identifies all group members
- All group members must undergo ID Proofing
- Group members must provide document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
- Documents must be valid and unexpired
- Documents must be verified with the issuer or other authoritative source
- Issuer sends enrollment code to the postal address of record
|
|
|
Group Basic Hardware |
Similar to Basic Hardware, this assurance level is relevant to environments where risks and consequences of data compromise are not considered of major significance and for which individual identity is not a factor. Private keys are stored in FIPS 140-2 level 2 or higher hardware-based cryptographic modules that require two factors of authentication to access and activate the private key. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature. |
LoA 3 |
IAL 2 |
AAL 3 |
- Permits Remote ID Proofing
- There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
- Group Sponsor identifies all group members
- All group members must undergo ID Proofing
- Group members must provide document numbers from at least two pieces of documentary evidence (e.g., driver's license, passport)
- Documents must be valid and unexpired
- Documents must be verified with the issuer or other authoritative source
- Issuer sends enrollment code to the postal address of record
|
|
|
Group Medium Software |
Similar to Medium Software, this assurance level is relevant to environments for which hardware-based cryptographic modules are not practical, and for which individual identity is not a factor. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature. |
LoA 4 |
IAL 2 |
AAL 2 |
Machine Operators:
- In-person ID Proofing
- There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
- Group Sponsor identifies all group members
- All group members must undergo ID Proofing
- All group members must provide one national government-issued picture ID or two non-national government-issued IDs
- ID information is verified to ensure legitimacy
- All documentation must be valid and unexpired
|
$1,000,000 USD per incident
OR
$1,000 USD per transaction |
|
Group Medium Hardware |
Similar to Medium Hardware, this assurance level is relevant to environments that require a high degree of private key protection, but for which individual identity is not a factor. Access to these private keys is shared by authorized group members, such as members of a project team, and may be used for access control, data encryption or email security. Group certificates cannot be used to assert non-repudiation in a digital signature. |
LoA 4 |
IAL 2 |
AAL 3 |
Machine Operators:
- In-person ID Proofing
- There must be a designated Group Sponsor who holds an individual credential at the same or higher assurance level
- Group Sponsor identifies all group members
- All group members must undergo ID Proofing
- All group members must provide one national government-issued picture ID or two non-national government-issued IDs
- ID information is verified to ensure legitimacy
- All documentation must be valid and unexpired
|
$1,000,000 USD per incident
OR
$1,000 USD per transaction |
|