NIST SP 800-63 (Electronic Authentication Guideline) establishes technical guidelines for implementing authentication mechanisms for government and electronic commerce. While these recommendations are specifically for the US, they are broadly applicable to any environment that requires the authentication of entities and users.
These recommendations define the technical requirements for the four levels of assurance (LoA) in the areas of identity proofing, registration, tokens, authentication protocols and related assertions. The NIST regulation complements the OMB Guidelines "E-Authentication Guidance for Federal Agencies", which also define four LoA for electronic communications.
The future international standard ISO/IEC 29115 (Entity Authentication Assurance Framework) provides a framework for managing user authentication guarantees. It establishes four LoA for entities, stipulating the criteria and guidelines for each of the defined levels.
The TrustedX product supports classifying the strength of security mechanisms according to the LoA definitions, so that the system can assess its security independently of the chosen mechanism. The TrustedX authentication levels can be configured and adapted for each scenario, although the product has a default configuration of authentication levels that is in line with the guidelines defined in NIST SP 800-63 and ISO/IEC 29115.