Something the cardholder possesses and controls (e.g., PIV Card or derived PIV credential) that is used to authenticate the cardholder’s identity.
Sources:
FIPS 201-3 under Authenticator

  The means used to confirm the identity of a user, process, or device (e.g., user password or token).
Sources:
CNSSI 4009-2015

  Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.
Sources:
CNSSI 4009-2015 under multifactor authentication

  Something that the claimant possesses and controls (such as a key or password) that is used to authenticate a claim. See cryptographic token.
Sources:
CNSSI 4009-2015 under token

  Something that the Claimant possesses and controls (typically a key or password) that is used to authenticate the Claimant’s identity.
Sources:
NIST SP 800-12 Rev. 1 under Token

  Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as atoken.
Sources:
NIST SP 800-63-3 under Authenticator

  See Authenticator.
Sources:
NIST SP 800-63-3 under Token

  A portable, user-controlled, physical device (e.g., smart card or memory stick) used to store cryptographic information and possibly also perform cryptographic functions.
Sources:
NIST SP 800-57 Part 2 Rev.1 under Token

  Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity.
Sources:
NIST SP 1800-17b under Authenticator
NIST SP 1800-17c under Authenticator

  See Authenticator
Sources:
NIST SP 1800-17b under Token
NIST SP 1800-17c under Token

  Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).
Sources:
NIST SP 1800-12b under multifactor authentication

  Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as a token.
Sources:
NIST SP 800-63-3 under Authenticator

  Something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.
Sources:
NIST SP 800-53 Rev. 5

  Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric).
Sources:
NIST SP 800-172A under multifactor authentication

  Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.
Sources:
NIST SP 800-171r3

  A physical object a user possesses and controls that is used to authenticate the user’s identity.
Sources:
NISTIR 7711 under Token

  A representation of a particular asset that typically relies on a blockchain or other types of distributed ledgers.
Sources:
NISTIR 8301 under Token from Taxonomic Approach to Blockchain IDMS