https://wiki.idesg.org/index.php?action=history&feed=atom&title=NIST_SP_800-63-3NIST SP 800-63-3 - Revision history2026-05-09T07:20:52ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=NIST_SP_800-63-3&diff=15781&oldid=prevTomjones: Created page with "==Full title== Electronic Authentication Guideline <br/> '''Category''': Security Control Implementation Guide <br/> '''Date''': 12/1/2011 <br/> '''Creator''': NIST <br/>..."2021-03-14T00:22:58Z<p>Created page with "==Full title== Electronic Authentication Guideline <br/> '''Category''': Security Control Implementation Guide <br/> '''Date''': 12/1/2011 <br/> '''Creator''': NIST <br/>..."</p>
<p><b>New page</b></p><div>==Full title==<br />
Electronic Authentication Guideline<br />
<br />
<br/><br />
'''Category''': Security Control Implementation Guide<br />
<br />
<br/><br />
'''Date''': 12/1/2011<br />
<br />
<br/><br />
'''Creator''': NIST<br />
<br />
<br/><br />
'''URL''': http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf<br />
<br />
<br/> <br />
'''Description''': Technical guidelines for Federal agencies implementing electronic authentication. The document lists<br />
technical requirements for the four levels assurance defined in OMB M-04-04 in the areas of identity<br />
proofing, registration, tokens, management processes, authentication protocols and assertion mechanisms.<br />
<br /><br />
<br />
'''Privacy''': Advises agencies to reference OMB Guidance for Implementing the Privacy Provisions of the E-Government<br />
Act of 2002 [OMB M-03-22]. Subscribers are assumed to trust relying parties to follow "all relevant privacy<br />
policy." PII gathered during registration is required to be protected. The document also defines "private<br />
credentials", which are credentials that cannot be disclosed without compromising the token (such as<br />
symmetric keys). There is discussion of when Relying Parties may operate anonymously, and discussion of<br />
how pseudonymity may be achieved.<br />
<br />
<br /><br />
'''Security''': The document is an information security guideline. The requirements in the document are grouped into four<br />
assurance levels that provide increasing levels of trust in the authentication process.<br />
<br />
<br /><br />
'''Interoperability''': The purpose of the document is to provide sets of requirements for the OMB-04-04 Levels of Assurance. It<br />
promotes interoperability by providing a baseline set of requirements for diverse Identity Management<br />
systems.<br />
<br />
==References==</div>Tomjones