NIST releases draft guide on authentication

The National Institute of Standards and Technology is seeking public comments on draft recommendations for electronic authentication.

NIST Special Publication 800-63 follows guidelines from the Office of Management and Budget defining four levels of authentication assurance for federal IT systems. To read the NIST draft, go to www.gcn.com and enter 191 in the GCN.com/search box.

The levels indicate increasingly serious risks of authentication errors or misuse of electronic credentials. Making an online reservation for a national park campsite, for example, carries less risk than online filing of financial information.

The guidelines present technical requirements for identity proofing, tokens, remote authentication and assertion mechanisms at each level of assurance.

NIST will accept comments on the proposed recommendations until March 15 at eauth-comments@nist.govM.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above