The E-Authentication artifact is applicable when the system is accessible remotely (e.g., via the Web).
The E-Authentication artifact involves the following:
- Conduct a risk assessment of the e-government system (risk, vulnerability & threat)
- Map identified risks to the applicable assurance level (Level 1, 2, 3 or 4)
- Select technology based on e-authentication technical guidance (Single factor, Two factor and Multi factor)
- Validate that the implemented system has achieved the required assurance level (Test the control)
- Periodically reassess the system to determine technology refresh requirements (Continuous assessment)
Assurance Level
- Level 1: Little or no confidence in the asserted identity’s validity
- Level 2: Some confidence in the asserted identity’s validity
- Level 3: High confidence in the asserted identity’s validity
- Level 4: Very high confidence in the asserted identity’s validity
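
The mapping and validation steps above (steps 2 and 4) can be expressed as a small calculation. The following is an added example, not part of the original notes: it encodes the maximum-potential-impact table from OMB M-04-04 (Table 1), and the function names, category keys and sample assessment are constructed for illustration.

```python
# Added example: OMB M-04-04 Table 1 as data, plus the step 2 / step 4 checks.
IMPACT = {"none": 0, "low": 1, "moderate": 2, "high": 3}

# Maximum potential impact that assurance levels 1..4 may cover, per category.
# None means the level is not appropriate if any impact exists in that category.
# Category keys are shorthand chosen for this example.
MAX_IMPACT = {
    "reputation":      ("low", "moderate", "moderate", "high"),
    "financial_loss":  ("low", "moderate", "moderate", "high"),
    "agency_programs": (None, "low", "moderate", "high"),
    "sensitive_info":  (None, "low", "moderate", "high"),
    "personal_safety": (None, None, "low", "high"),
    "civil_criminal":  (None, "low", "moderate", "high"),
}


def level_for(category, impact):
    """Lowest assurance level whose ceiling covers the assessed impact."""
    if IMPACT[impact] == 0:
        return 1  # no impact in this category: it does not raise the level
    for level, ceiling in enumerate(MAX_IMPACT[category], start=1):
        if ceiling is not None and IMPACT[impact] <= IMPACT[ceiling]:
            return level
    return 4


def required_level(assessment):
    """Step 2: the category demanding the highest level sets the requirement."""
    per_category = {c: level_for(c, i) for c, i in assessment.items()}
    required = max(per_category.values(), default=1)
    drivers = sorted(c for c, lvl in per_category.items() if lvl == required)
    return required, drivers


def validate(assessment, implemented_level):
    """Step 4: compare the level the system achieves with the one required."""
    required, drivers = required_level(assessment)
    return {"required": required, "implemented": implemented_level,
            "meets": implemented_level >= required, "driven_by": drivers}


# Constructed sample risk assessment for a hypothetical remote-access system.
SAMPLE = {"reputation": "moderate", "financial_loss": "low",
          "agency_programs": "low", "sensitive_info": "moderate",
          "personal_safety": "none", "civil_criminal": "low"}

if __name__ == "__main__":
    print(validate(SAMPLE, implemented_level=2))
```

Re-running `validate` with an updated assessment is the periodic reassessment step: a category whose impact rating rises can move the required level above what the deployed authentication achieves.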
Authentication Method
- Single factor: What you know (user name/password, PIN)
- Two factor: What you know and what you have (PIN and token/card)
- Multi factor: What you are, where you are and what you have (fingerprint, IP address and token)
NIST SP 800-63
E-authentication process: OMB Memo M-04-04, http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy04/m04-04.pdf
Sample E-Authentication