IA-8(6): Disassociability

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

Implement the following measures to disassociate user attributes or identifier assertion relationships among individuals, credential service providers, and relying parties: [Assignment: organization-defined measures].

Supplemental Guidance

Federated identity solutions can create increased privacy risks due to the tracking and profiling of individuals. Using identifier mapping tables or cryptographic techniques to blind credential service providers and relying parties from each other or to make identity attributes less visible to transmitting parties can reduce these privacy risks.