Revised Guideline for Electronic Authentication of Users Helps Organizations Protect the Security of their Information Systems

Published: December 22, 2011

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-63-1, Electronic Authentication Guideline. This revised guideline, which supersedes an earlier guideline, NIST SP 800-63, updates information about, and recommendations for the secure implementation of electronic authentication methods, reflecting changing technology and current uses of e-authentication techniques. SP 800-63-1 provides technical guidelines to assist agencies in authenticating individuals remotely accessing Federal information technology (IT) systems. The bulletin covers Office of Management and Budget (OMB) Memorandum M-04-04, E-Authentication Guidance for Federal Agencies, which directs agencies to implement e-authentication methods based on their assessments of risks and the assurance levels required to protect systems and privacy; the steps in the e-authentication process; and the technical requirements for four assurance levels. References are provided to additional sources of information on e-authentication.
Citation: ITL Bulletin -
NIST Pub Series: ITL Bulletin
Pub Type: NIST Pubs

Download Paper

Keywords

authentication, authentication assurance, electronic authentication, electronic credentials, electronic transactions, identity proofing, information security, passwords, Personal Identity Verification, privacy, Public Key Infrastructure, risk assessments, risk management, security controls, system security, tokens
Created December 22, 2011, Updated February 19, 2017