Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-17

Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers

Date Published: July 2019


William Newhouse (NIST), Brian Johnson (MITRE), Sarah Kinling (MITRE), Jason Kuruvilla (MITRE), Blaine Mulugeta (MITRE), Kenneth Sandlin (MITRE)



electronic commerce (e-commerce) security; internet shopping security; multifactor authentication (MFA)
Control Families

None selected


Download URL

Supplemental Material:
SP 1800-17 files
Project homepage

Related NIST Publications:
Project Description

Document History:
08/22/18: SP 1800-17 (Draft)
07/30/19: SP 1800-17 (Final)