The DIRA playbook should have a section on additional considerations which may not be specific to the DIRA process. For example:
- If the DIRA requires a phishing-resistant AAL2 but the recovery process is a phishable AAL2, that is a risk.
- If re-authentication at each attempt is not required, include a link to the NIST 800-63 table on re-authentication time frames.