The IT Law Wiki
Register
Line 7: Line 7:
 
[[E-authentication]] presents a technical challenge when this process involves the [[remote authentication]] of individual people over a [[network]], for the purpose of [[electronic government]] and [[e-commerce|commerce]]. This recommendation provides technical guidance to agencies to allow an individual person to [[remote authentication|remotely authenticate]] his/her identity to a federal [[IT system]]. This guidance addresses only traditional, widely implemented methods for [[remote authentication]] based on [[secret]]s. With these methods, the individual to be [[authenticate]]d proves that he or she knows or possesses some [[secret information]]. [[NIST]] expects to explore other means of [[remote authentication]] (for example using [[biometric]]s, or by extensive knowledge of private, but not truly secret, [[personal information]]) and may develop additional guidance on the use of these methods for [[remote authentication]].
 
[[E-authentication]] presents a technical challenge when this process involves the [[remote authentication]] of individual people over a [[network]], for the purpose of [[electronic government]] and [[e-commerce|commerce]]. This recommendation provides technical guidance to agencies to allow an individual person to [[remote authentication|remotely authenticate]] his/her identity to a federal [[IT system]]. This guidance addresses only traditional, widely implemented methods for [[remote authentication]] based on [[secret]]s. With these methods, the individual to be [[authenticate]]d proves that he or she knows or possesses some [[secret information]]. [[NIST]] expects to explore other means of [[remote authentication]] (for example using [[biometric]]s, or by extensive knowledge of private, but not truly secret, [[personal information]]) and may develop additional guidance on the use of these methods for [[remote authentication]].
   
This document has been developed by the [[National Institute of Standards and Technology]] ([[NIST]]) in furtherance of its statutory responsibilities under the [[Federal Information Security Management Act]] ([[FISMA]]) of 2002, Pub. L. No. 107-347.
+
This document was developed by the [[National Institute of Standards and Technology]] ([[NIST]]) in furtherance of its statutory responsibilities under the [[Federal Information Security Management Act]] ([[FISMA]]) of 2002, Pub. L. No. 107-347.
   
 
This document supplements [[OMB]], "E-Authentication Guidance for Federal Agencies," [[OMB Memorandum M-04-04]].
 
This document supplements [[OMB]], "E-Authentication Guidance for Federal Agencies," [[OMB Memorandum M-04-04]].

Revision as of 18:00, 28 April 2012

Citation

NIST, Electronic Authentication Guideline (NIST Special Publication 800-63) (Apr. 2006) (full-text).

Overview

E-authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce. This recommendation provides technical guidance to agencies to allow an individual person to remotely authenticate his/her identity to a federal IT system. This guidance addresses only traditional, widely implemented methods for remote authentication based on secrets. With these methods, the individual to be authenticated proves that he or she knows or possesses some secret information. NIST expects to explore other means of remote authentication (for example using biometrics, or by extensive knowledge of private, but not truly secret, personal information) and may develop additional guidance on the use of these methods for remote authentication.

This document was developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Pub. L. No. 107-347.

This document supplements OMB, "E-Authentication Guidance for Federal Agencies," OMB Memorandum M-04-04.