1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Levels of assurance
6.1 Level of assurance 1 (LoA1)
6.2 Level of assurance 2 (LoA2)
6.3 Level of assurance 3 (LoA3)
6.4 Level of assurance 4 (LoA4)
6.5 Selecting the appropriate level of assurance
6.6 LoA mapping and interoperability
6.7 Exchanging authentication results based on the 4 LoAs
7 Actors
7.1 Entity
7.2 Credential service provider
7.3 Registration authority
7.4 Relying party
7.5 Verifier
7.6 Trusted third party
8 Entity authentication assurance framework phases
8.1 Enrolment phase
8.2 Credential management phase
8.3 Entity authentication phase
9 Management and organizational considerations
9.1 Service establishment
9.2 Legal and contractual compliance
9.3 Financial provisions
9.4 Information security management and audit
9.5 External service components
9.6 Operational infrastructure
9.7 Measuring operational capabilities
10 Threats and controls
10.1 Threats to, and controls for, the enrolment phase
10.2 Threats to, and controls for, the credential management phase
10.3 Threats to, and controls for, the authentication phase
11 Service assurance criteria
Annex A – Characteristics of a credential
Appendix I – Privacy and protection of PII
Bibliography