The Guideline on Defining Authentication Requirements defines a two-step process. Step 1: Determine assurance level requirement, and Step 2: Determine authentication options, including compensating factors and other safeguards.
The Guideline on Defining Authentication Requirements provides an output of Identity Assurance Level Request that used as input into the Guideline on Identity Assurance. The Guideline on Identity Assurance, taking into account identity context, is used to assist implementing identity assurance level requirements.
The Guideline on Defining Authentication Requirements also provides the outputs of Credential Assurance Requirement and Authentication Requirements. These are used as inputs into ITSG-31 User Authentication Guidance for IT Systems and ITSG-33 IT Security Risk Management: A Lifecycle Approach.
When taken together, the outputs of the guidelines may be used to assist in the decisions of federating credentials or federating identity, which are enablers to federation.
Return to the Complete Text