The IT Law Wiki

(Created page with "== Citation == NIST, Information Security, '''NIST Special Publication 800-63''' (Apr. 2006) ([http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf full-text…")
 
Line 5: Line 5:
 
== Overview ==
 
== Overview ==
   
  +
[[E-authentication]] presents a technical challenge when this process involves the [[remote authentication]] of individual people over a [[network]], for the purpose of [[electronic government]] and [[e-commerce|commerce]]. This recommendation provides technical guidance to agencies to allow an individual person to [[remote authentication|remotely authenticate]] his/her identity to a federal [[IT system]]. This guidance addresses only traditional, widely implemented methods for [[remote authentication]] based on [[secret]]s. With these methods, the individual to be [[authenticate]]d proves that he or she knows or possesses some [[secret information]]. [[NIST]] expects to explore other means of [[remote authentication]] (for example using [[biometric]]s, or by extensive knowledge of private, but not truly secret, [[personal information]]) and may develop additional guidance on the use of these methods for [[remote authentication]].
This document provides technical guidance to federal agencies implementing [[electronic authentication]]. The recommendation covers [[remote authentication]] of [[user]]s over [[open network]]s. It defines technical requirements for each of four levels of [[assurance]] in the areas of [[identity proofing]], registration, [[token]]s, [[authentication protocol]]s and related assertions.
 
   
 
This document has been developed by the [[National Institute of Standards and Technology]] ([[NIST]]) in furtherance of its statutory responsibilities under the [[Federal Information Security Management Act]] ([[FISMA]]) of 2002, Pub. L. No. 107-347.
 
This document has been developed by the [[National Institute of Standards and Technology]] ([[NIST]]) in furtherance of its statutory responsibilities under the [[Federal Information Security Management Act]] ([[FISMA]]) of 2002, Pub. L. No. 107-347.
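
Review bot: the sentence in this hunk saying the recommendation "defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, authentication protocols and related assertions" does not appear in the Overview of the rendered revision, which keeps only the longer paragraph on secret-based remote authentication. That sentence is the only place the page states how the publication is organized, so I would keep it as a closing sentence of the first Overview paragraph instead of dropping it.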

Revision as of 18:28, 18 December 2010

Citation

NIST, Information Security, NIST Special Publication 800-63 (Apr. 2006) (full-text).

Overview

E-authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce. This recommendation provides technical guidance to agencies to allow an individual person to remotely authenticate his/her identity to a federal IT system. This guidance addresses only traditional, widely implemented methods for remote authentication based on secrets. With these methods, the individual to be authenticated proves that he or she knows or possesses some secret information. NIST expects to explore other means of remote authentication (for example using biometrics, or by extensive knowledge of private, but not truly secret, personal information) and may develop additional guidance on the use of these methods for remote authentication.

This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Pub. L. No. 107-347.