Update for ITLC - April 2013
Next Steps Identified in Sept 2011 and Update on Status
Task | Update |
---|---|
Continue with plan to use InCommon Silver rather than UC Trust audit framework (continue "waiving" UC Trust Basic audit requirement for minimum one more year) | No campus has yet certified at InCommon Silver. All campuses except UC Hastings, which just joined the federation, are now out of compliance with the UC Trust requirement to audit IAM systems and practices two years after self-certifying compliance when joining UC Trust. |
Await revised certification plan and guidelines due from InCommon in the next couple months | InCommon has a formal assurance certification plan now in place. Only one university in the country, Virginia Tech, has certified at InCommon Silver, and their implementation is for a relatively small set of people. |
Review this revised plan at each campus and finalize resource requirements | Mostly completed. Resource estimates are posted in the update to ITLC from Sept. 2011: Update for ITLC - September 2011 |
ITLC as a group and at each campus will need to make determination on resource assignment and priority | Most campuses reported that InCommon Silver is not currently on their priority roadmap for these primary reasons: |
All campuses should begin the process of documenting current practices using the InCommon Silver framework | Not currently started consistently across campuses - see above. |
Begin work to establish an audit framework that will make InCommon Silver audits as efficient as possible. The UC Trust workgroup recommended a multi-campus audit team be formed, with representation from internal audit from 3-5 campuses. Karl Heins volunteered to provide leadership and guidance to this group. | Karl Heins passed away. No other current staff member is available with the same background and expertise to lead this cross-campus effort. UCSB's efforts to initiate an audit and share experience might help here. UC could also contract with an organization like Kantara to provide audit services to campuses. |
New Next Steps
- To enable InCommon Silver certification at all campuses, UC Path requirements should be re-evaluated to include the generation of a token that can be used to bootstrap digital identity at each campus. Without this, every campus will have to implement identity vetting processes that duplicate the HR I-9 process in order to meet InCommon Silver requirements
- UCSB plans InCommon Bronze certification soon
- UCB has a funded project for InCommon Silver, but that project is moving slowly due to the competing priorities noted above
- UC should consider creating a shared audit team, or approach Kantara for a quote for their services
- Each CIO should review InCommon Silver resource requirements at his/her campus and determine a timeframe to bring their campus into compliance