SummaryThis Recommendation defines four levels of entity authentication assurance (i.e., LoA 1 – LoA 4), and the criteria and threats for each of the four levels of entity authentication assurance. Additionally, it: • specifies a framework for managing the assurance levels; • provides guidance concerning control technologies that are to be used to mitigate authentication threats, based on a risk assessment; • provides guidance for mapping the four levels of assurance to other authentication assurance schemas; and • provides guidance for exchanging the results of authentication that are based on the four levels of assurance. |