Strong Authentication and US Federal Digital Services


A presentation from Paul Grassi, senior standards and technology advisor, NIST, on FIDO Authentication in applications within the US Federal Digital Services.

Published in: Government & Nonprofit

Strong Authentication and US Federal Digital Services

  1. Strong Authentication and US Federal Digital Services - Paul Grassi, Senior Standards and Technology Advisor, NIST
  2. current state
  3. based on
  4. It gets worse
  5. everyone else
  6. where does FIDO fit in?
  7. Privacy Enhancing & Voluntary; Secure & Resilient; Interoperable; Cost-Effective & Easy to Use
  8. Authenticator Assurance Levels: AAL1, AAL2, AAL3
  9. Authenticator Assurance Level 3 (formerly known as LOA4): AAL 3 is intended to provide the highest practical remote network authentication assurance. Authentication at AAL 3 is based on proof of possession of a key in a physical authenticator through a cryptographic protocol. AAL 3 is similar to AAL 2 except that only hardware cryptographic authenticators (in conjunction with a memorized secret for single-factor cryptographic devices) and multi-factor OTP devices are allowed. The authenticator SHALL be a hardware cryptographic module validated at Federal Information Processing Standard (FIPS) 140 Level 2 or higher overall (Level 1 for single-factor authenticators) with at least FIPS 140 Level 3 physical security.
  10. always supported
  11. newly supported
  12. USG Use Cases ? M-05-24
  13. So we need a new interoperability target?
  14. what else?
  15. strength of authentication (SOFA)
  16. @TrustedIDsNIST