Electronic Authentication

E-Authentication artifact is applicable when the system is accessible remotely (e.g. Web)

Authentication artifact involves the following:

  • Conduct a risk assessment of the e-government system (Risk, vulnerability& threat)
  • Map identified risks to the applicable assurance level (Level 1, 2, 3 or 4)
    • Select technology based on e-authentication technical guidance (Single factor, Two factor and Multi factor)
    • Validate that the implemented system has achieved the required assurance level (Test the control)
    • Periodically reassess the system to determine technology refresh requirements (Continuous assessment)

Assurance Level

  • Level 1: Little or no confidence in the asserted identity’s validity
  • Level 2: Some confidence in the asserted identity’s validity
  • Level 3: High confidence in the asserted identity’s validity
  • Level 4: Very high confidence in the asserted identity’s validity

Authentication Method

  • Single factor- What you know (User name password, Pin)
  • Two factor-What you know and what you have (Pin and token/card
  • Multi factor what you are, where you are     and what you have (Fingerprint, IP address and token)

NIST SP 800-63
E-authentication process-OMB Memo M-04-04 http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy04/m04-04.pdf
Sample E-Authentication

error: Content is protected !!