Digital Insanity: Exploring the Flexibility of NIST Digital Identity Assurance Levels
DOI:
https://doi.org/10.34190/iccws.18.1.1032Keywords:
Assurance Level, Digital Identity Risk Assessment, Digital Identity, Identity Proofing, Authenticator, FederationAbstract
NIST Special Publication 800-63-3 presents a new risk management concept on digital identity. It includes various harm categories to determine an appropriate assurance level for identity proofing, authentication, and federation. These three distinct approaches are highlighted to give flexibility in protecting systems. This paper explores if this is a realized flexibility by developing a tool to test assurance level and component flexibility. It also identifies appropriate MFA levels given different levels of risks and makes three recommendations to help improve the adoption of the NIST digital identity guidelines.
Downloads
Published
Issue
Section
License
Copyright (c) 2023 Kenneth Myers

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.