Page History
...
Each EAL allows one or more token types. More details on the different tokens as well as various methods for proving identity are discussed in in NIST 800-63.
Token Type | Level 1 | Level 2 | Level 3 | Level 4 |
---|---|---|---|---|
Hard Crypto Token | X | X | X | X |
One-time password device | X | X | X |
Soft Crypto Token | X | X | X |
Passwords and PINs | X | X |
It is important to note that the E-Authentication guidance does not apply to authorization. Authorization focuses on the actions permitted of an identity after authentication has taken place. Decisions concerning authorization are and should remain the purview of the business process owner.
...
e-Authentication resources
- Blank eRA form
- Sample Completed eRA Form
- NIST 800-63 Electronic Authentication Guidance