Date post: | 22-Jan-2018 |
Category: | Government & Nonprofit |
Upload: | fido-alliance |
Strong Authentication and US Federal Digital Services
Paul Grassi, Senior Standards and Technology Advisor, NIST
current state
based on
It gets worse
everyone else
where does FIDO fit in?
Privacy Enhancing & Voluntary
Secure & Resilient
Interoperable
Cost-Effective & Easy to Use
Authenticator Assurance Levels
AAL1
AAL2
AAL3
Authenticator Assurance Level 3 (formerly known as LOA4)
AAL 3 is intended to provide the highest practical remote network
authentication assurance. Authentication at AAL 3 is based on proof of
possession of a key in a physical authenticator through a
cryptographic protocol. AAL 3 is similar to AAL 2 except that
only hardware cryptographic authenticators (in conjunction
with a memorized secret for single-factor cryptographic devices) and
multi-factor OTP devices are allowed. The authenticator SHALL be a
hardware cryptographic module validated at Federal
Information Processing Standard (FIPS) 140 Level
2 or higher overall (Level 1 for single-factor
authenticators) with at least FIPS 140 Level 3
physical security.
always supported
newly supported
USG Use Cases
?M-05-24
So we need a new interoperability target?
what else?
https://www.nist.gov/itl/tig
@TrustedIDsNIST
https://service.govdelivery.com/accounts/USNIST/subscriber/new?topic_id=USNIST_213
http://trustedidentities.blogs.govdelivery.com
https://github.com/usnistgov/800-63-3