Guideline on Identity Assurance

Supports implementation of the minimum requirements for establishing the identity of an individual to a given level of assurance.
Date modified: 2016-03-04

Supporting tools



More information




Print-friendly XML

Long description for image: /pol-cont/30678-01-eng.JPG

The Guideline on Defining Authentication Requirements defines a two-step process. Step 1: Determine assurance level requirement, and Step 2: Determine authentication options, including compensating factors and other safeguards.

The Guideline on Defining Authentication Requirements provides an output of Identity Assurance Level Request that used as input into the Guideline on Identity Assurance. The Guideline on Identity Assurance, taking into account identity context, is used to assist implementing identity assurance level requirements.

The Guideline on Defining Authentication Requirements also provides the outputs of Credential Assurance Requirement and Authentication Requirements. These are used as inputs into ITSG-31 User Authentication Guidance for IT Systems and ITSG-33 IT Security Risk Management: A Lifecycle Approach.

When taken together, the outputs of the guidelines may be used to assist in the decisions of federating credentials or federating identity, which are enablers to federation.

Return to the Complete Text

Date modified: