# Identity Proofing and Enrollment One-sentence definition: Processes to verify a person’s real-world identity before issuing credentials. ## Key Facts - Methods: document checks, liveness/video, HR/background validation. - Strength tiers: in-person high assurance vs remote lower assurance. - Bind proofing event to identifier and authenticator issuance. - Record evidence securely; protect PII; re-proof on risk triggers. - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Pick stronger proofing for high-impact roles (e.g., admins). **Mnemonic:** “**Prove** before **provide** (credentials).” ## Mini Scenario Q: Helpdesk resets MFA via email only—risk/fix? A: Weak proofing; require stronger identity verification. ## Revision Checklist - Two proofing techniques. - Evidence storage principle. - Re-proof triggers. ## Related [[Authentication Factors and MFA]] · [[Passwordless and FIDO2 WebAuthn]] · [[Directory Services (LDAP and Active Directory)]] · [[Account Recovery and Break-Glass Procedures]] · [[Identity Lifecycle (Joiner Mover Leaver)]] · [[Domain 5 - Index]]