IA-8(6): Disassociability

Control Family:

Identification and Authentication

Parent Control:

IA-8: Identification and Authentication (non-organizational Users)

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

PF v1.0 References:

CT.DP-P1
CT.DP-P3

Threats Addressed:

Information Disclosure

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Implement the following measures to disassociate user attributes or identifier assertion relationships among individuals, credential service providers, and relying parties: [Assignment: organization-defined measures].

Supplemental Guidance

Federated identity solutions can create increased privacy risks due to the tracking and profiling of individuals. Using identifier mapping tables or cryptographic techniques to blind credential service providers and relying parties from each other or to make identity attributes less visible to transmitting parties can reduce these privacy risks.