content validation priority list

---
layout: raw-data.njk
title: "content validation priority list"
---

# Content Validation Priority List

**Purpose:** Systematic checklist for manual content accuracy validation using MCP server
**Document:** `/ConsolidatedStandards/ManualReview/syncopate-draft/1--2025-11-21--en.md` (7,006 lines)
**Method:** VS Code selection + MCP queries + ClaudeUpdateLog.md tracking

---

## Priority 1: Core Standards Controls (CRITICAL) ⚠️

**Why:** Cannot be modified - must verify exact preservation of all 109 controls
**Estimated Effort:** 4-6 hours
**Method:** Systematic line-by-line verification against source standards

### Federation Assurance Standard Controls
- [ ] **Lines ~1050-1500** - Federation controls
- [ ] Verify all control numbers match source exactly
- [ ] Verify all control text is word-for-word from source
- [ ] Verify all mandatory language (must/shall) is unchanged

### Information Assurance Standard Controls
- [ ] **Lines ~3800-4150** - Information Assurance controls
- [ ] Verify control preservation
- [ ] Check LoA requirements accuracy
- [ ] Verify evidence type specifications

### Authentication Assurance Standard Controls
- [ ] **Lines ~2600-3500** - Authentication controls
- [ ] Verify authenticator requirements
- [ ] Check cryptographic specifications
- [ ] Verify LoA mappings

### Binding Assurance Standard Controls
- [ ] **Lines ~3800-4150** - Binding controls
- [ ] Verify binding process requirements
- [ ] Check evidence specifications
- [ ] Verify LoA thresholds

---

## Priority 2: Mandatory Conformance Language (HIGH) ⚠️

**Why:** Incorrect scoping could mislead conformance assessments
**Estimated Effort:** 2-3 hours
**Method:** Search for modal verbs, verify each mandatory statement

### Conformance Section
- [ ] **Lines 27-450** - Section 1: Understanding Conformance
- [ ] Lines 56-65: Mandatory conformance requirements
- [ ] Lines 67-74: Voluntary conformance process
- [ ] Lines 79-104: Role definitions and applicable standards

### Level of Assurance Requirements
- [ ] **Lines 800-950** - LoA selection requirements
- [ ] Lines 850-880: LoA selection criteria
- [ ] Lines 900-930: Risk assessment requirements
- [ ] Verify all "must" statements are accurately scoped

### DISTF Integration Requirements
- [ ] **Lines 150-250** - DISTF accreditation requirements
- [ ] Verify mandatory vs voluntary distinction
- [ ] Check legislative reference accuracy

---

## Priority 3: Newly Synthesized Content (MEDIUM) ⚠️

**Why:** Consolidation from multiple sources may introduce interpretation errors
**Estimated Effort:** 3-4 hours
**Method:** Targeted MCP queries on synthesized sections

### Counter-Fraud Techniques
- [ ] **Lines 470-575** - Counter-fraud guidance
- [ ] Lines 485-499: Evidence design processes
- [ ] Lines 531-560: Fraud detection techniques
- [ ] Verify each technique description against source
- [ ] Check that all 9 virtual container citations are accurate

### Authentication Methods Overview
- [ ] **Lines 2580-2650** - Authentication factor types
- [ ] Lines 2584-2608: Factor type definitions
- [ ] Lines 2610-2650: Factor combination requirements
- [ ] Cross-reference with authenticator-types guidance

### Cross-Standard Integration
- [ ] **Lines 1000-1100** - How standards work together
- [ ] Lines 1041-1080: Federation Assurance overview
- [ ] Verify relationships between standards are accurate
- [ ] Check no contradictions with source documents

### Biometric Authentication Guidance
- [ ] **Lines 3350-3400** - Biometric accuracy requirements
- [ ] Lines 3363-3380: Probabilistic nature explanation
- [ ] Lines 3380-3400: Multi-factor requirements
- [ ] Verify technical specifications match source

---

## Priority 4: Technical Requirements (MEDIUM)

**Why:** Technical precision essential for implementation
**Estimated Effort:** 2-3 hours
**Method:** Verify technical claims against source documents

### Cryptographic Standards
- [ ] **Lines 2700-2850** - Cryptographic requirements
- [ ] Lines 2785-2810: Encryption standards for LoA2
- [ ] Lines 2832-2860: Encryption standards for LoA3
- [ ] Lines 2885-2920: Encryption standards for LoA4
- [ ] Verify algorithm specifications match source

### Biometric Specifications
- [ ] **Lines 3300-3400** - Biometric accuracy controls
- [ ] FAR/FRR threshold requirements
- [ ] Liveness detection requirements
- [ ] Anti-spoofing measures

### Authenticator Lifecycle
- [ ] **Lines 2960-3000** - Authenticator management
- [ ] Lines 2961-2980: Lifecycle controls for different LoAs
- [ ] Verify expiry and renewal requirements

### Session Management
- [ ] **Lines 3450-3550** - Session and re-authentication
- [ ] Lines 3474-3490: Session timeout requirements
- [ ] Lines 3500-3530: Re-authentication triggers
- [ ] Check timeout values match source specifications

---

## Priority 5: Lower-Risk Content (LOW) ℹ️

**Why:** Errors here have minimal conformance impact
**Estimated Effort:** 1-2 hours (spot-check only)
**Method:** Selective verification or defer to stakeholder review

### Introductory Content
- [ ] **Lines 33-50** - "Why Conform?" section (spot-check)
- [ ] **Lines 450-470** - Counter-fraud introduction (spot-check)

### Navigation Guidance
- [ ] **Lines 600-700** - "How to Use This Document" (optional)
- [ ] Structure and workflow explanations (optional)

### Process Descriptions (Non-Normative)
- [ ] General identification management concepts
- [ ] Background and context sections
- [ ] Examples and illustrations (if any)

---

## Validation Workflow Per Section

For each section in Priority 1-4:

1. **Read** the section in VS Code
2. **Identify** claims, requirements, or technical specifications
3. **Select** text requiring verification
4. **Query** MCP server to retrieve source content:
   ```
   - semantic_search for related content
   - get_hierarchical_context for surrounding sections
   - find_semantic_neighbors for additional context
   ```
5. **Compare** consolidated text against source content
6. **Correct** any inaccuracies, overgeneralizations, or misrepresentations
7. **Update** ClaudeUpdateLog.md with:
   - Timestamp
   - Line numbers
   - Issue description
   - Correction made
   - Verification method (MCP query used)
8. **Mark** checklist item as complete

---

## Tracking Progress

### Current Status
- [x] Citation technical validation complete (493 citations, 98.4% valid)
- [x] Validation infrastructure in place
- [ ] Priority 1 content validation (0% complete)
- [ ] Priority 2 content validation (0% complete)
- [ ] Priority 3 content validation (0% complete)
- [ ] Priority 4 content validation (0% complete)
- [ ] Priority 5 content validation (0% complete)

### Estimated Time to Completion
- **Priority 1-2 (Critical/High):** 6-9 hours
- **Priority 3-4 (Medium):** 5-7 hours
- **Priority 5 (Low):** 1-2 hours (optional)
- **Total:** 12-18 hours over multiple sessions

### Session Planning Suggestion
- **Session 1:** Priority 1 - Federation Assurance controls (1.5-2 hours)
- **Session 2:** Priority 1 - Information Assurance controls (1.5-2 hours)
- **Session 3:** Priority 1 - Authentication Assurance controls (2-3 hours)
- **Session 4:** Priority 1 - Binding Assurance controls (1.5-2 hours)
- **Session 5:** Priority 2 - Mandatory conformance language (2-3 hours)
- **Session 6:** Priority 3 - Synthesized content (3-4 hours)
- **Session 7:** Priority 4 - Technical requirements (2-3 hours)
- **Session 8:** Priority 5 - Spot-check lower-risk (1 hour, optional)

---

## MCP Query Examples for Validation

### Example 1: Verify a mandatory conformance statement
```
User selects text: "You must conform with the Identification Standards if you seek DISTF accreditation"

Claude uses MCP:
semantic_search("DISTF accreditation conformance requirement mandatory")
→ Retrieves source content
→ Compares against selected text
→ Confirms accuracy or suggests correction
```

### Example 2: Verify a control number and text
```
User selects: "Control IA.2.1: The Relying Party must verify..."

Claude uses MCP:
search_by_document("information-assurance-standard/2024")
get_hierarchical_context("nz/identification-management/information-assurance-standard/2024/en/#part2-para1")
→ Retrieves exact control text
→ Verifies word-for-word match
```

### Example 3: Verify technical specification
```
User selects: "LoA3 requires FIPS 140-2 Level 2 or higher"

Claude uses MCP:
semantic_search("LoA3 FIPS 140-2 cryptographic requirements")
→ Retrieves relevant technical specifications
→ Verifies requirement accuracy and scoping
```

---

## Quality Gates

Before marking validation complete, ensure:

- [ ] All Priority 1 items verified (100% of core controls)
- [ ] All Priority 2 items verified (100% of mandatory language)
- [ ] At least 80% of Priority 3 items verified
- [ ] At least 60% of Priority 4 items verified
- [ ] All corrections tracked in ClaudeUpdateLog.md
- [ ] No unresolved discrepancies remain
- [ ] All citations for corrected content verified

---

## Notes
- Update this checklist as you complete each section
- Add notes about particular issues or patterns discovered
- If you find systematic issues, note them for broader review
- Document any ambiguities that require stakeholder input

**Last Updated:** 2025-11-21
**Status:** Ready to begin Priority 1 validation