This bulletin summarizes the information presented in NIST Special Publication (SP) 800-63-1, Electronic Authentication Guideline. This revised guideline, which supersedes an earlier guideline, NIST SP 800-63, updates information about, and recommendations for the secure implementation of electronic authentication methods, reflecting changing technology and current uses of e-authentication techniques. SP 800-63-1 provides technical guidelines to assist agencies in authenticating individuals remotely accessing Federal information technology (IT) systems. The bulletin covers Office of Management and Budget (OMB) Memorandum M-04-04, E-Authentication Guidance for Federal Agencies, which directs agencies to implement e-authentication methods based on their assessments of risks and the assurance levels required to protect systems and privacy; the steps in the e-authentication process; and the technical requirements for four assurance levels. References are provided to additional sources of information on e-authentication.
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-63-1, Electronic Authentication Guideline. This revised guideline, which supersedes an earlier guideline, NIST SP 800-63, updates information about, and recommendations for the secure implementation of electronic...
See full abstract
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-63-1, Electronic Authentication Guideline. This revised guideline, which supersedes an earlier guideline, NIST SP 800-63, updates information about, and recommendations for the secure implementation of electronic authentication methods, reflecting changing technology and current uses of e-authentication techniques. SP 800-63-1 provides technical guidelines to assist agencies in authenticating individuals remotely accessing Federal information technology (IT) systems. The bulletin covers Office of Management and Budget (OMB) Memorandum M-04-04, E-Authentication Guidance for Federal Agencies, which directs agencies to implement e-authentication methods based on their assessments of risks and the assurance levels required to protect systems and privacy; the steps in the e-authentication process; and the technical requirements for four assurance levels. References are provided to additional sources of information on e-authentication.
Hide full abstract
Keywords
authentication; authentication assurance; electronic authentication; electronic credentials; electronic transactions; identity proofing; information security; passwords; Personal Identity Verification; privacy; Public Key Infrastructure; risk assessments; risk management; security controls; system security; tokens
