Free Download     |     Resource Center    |     Customer Login
1.877.No.Token (1.877.668.6536)
Live Chat

National Institute of Standards and Technology (NIST) Special Publication 800-63

The NIST 800-63 Electronic Authentication Guidelines provide technical recommendations for remote electronic authentication to Federal IT system.

The OMB guidance, E-Authentication Guidance for Federal Agencies, [OMB 04-04] defines four levels of authentication, Levels 1 to 4, in terms of the consequences of the authentication errors and misuse of credentials. The NIST 800-63 guidance provides specific technical requirements for each of the four levels of assurance.

Level 1 Little or no confidence in the asserted identity’s validity.
A single factor token (often a password) is required.
Level 2 Some confidence in the asserted identity’s validity.
A single factor token (often a password) is required.
Level 3 High confidence in the asserted identity’s validity.
A minimum of two authentication factors is required. Three kinds of tokens may be used:
• “soft” cryptographic token, which has the key stored on a general-purpose computer,
• “hard” cryptographic token, which has the key stored on a special hardware device, and
• “one-time password” device token
Level 4 Very high confidence in the asserted identity’s validity.
A minimum of two authentication factors is required. This level is similar to Level 3 except that only “hard” cryptographic tokens are allowed. This level requires a physical token, which cannot readily be copied, and operator authentication at Level 2 and higher, and ensures good, two-factor remote authentication.

PhoneFactor Offers Rapid, Cost Effective Compliance with NIST
Depending on the implementation, the PhoneFactor service can meet all of the requirements for Level 3 or 4 Assurance as stated in the NIST Electronic Authentication Guideline (Draft Special Publication 800-63-1).

With PhoneFactor, there are no devices, software, or certificates to deploy and maintain – it works with the user’s existing phone (landline or mobile). Users require very little training and almost no ongoing support – making PhoneFactor significantly less expensive to setup and maintain than other two-factor solutions.

PhoneFactor offers instant integration with all leading business systems and synchronizes with AD and LDAP Servers for centralized user management. Easy, automated self-service options are available through the phone and web, which helps to expedite deployment and minimize overhead.

PhoneFactor is trusted by government organizations like the US Department of State, the District of Columbia government, and the Federal Railroad Administration to meet NIST and other regulatory requirements for two-factor authentication.

Solutions

   Legal  |  Sitemap  |  Support  |  Contact               

PhoneFactor, Inc provides secure two-factor authentication services to leading companies worldwide. PhoneFactor's multifactor out-of-band authentication software is a cost effective, user friendly alternative to security tokens, fobs, certificates, and other 2 factor authentication methods.
Secure User Authentication: SSL VPN Authentication | Citrix Authentication | Web Authentication | Terminal Services Authentication | Tivoli Authentication | Online Banking Authentication
Two-Factor Authentication for Regulatory Compliance: Payment Card Industry Data Security Standards (PCI DSS) Compliance | FFIEC Compliance | HIPAA Compliance | NIST 800-63
Compare Phone Authentication to: Security Tokens | SMS Authentication | Biometric Authentication | Soft Tokens | Smart Cards | Certificates