This Recommendation defines four levels of entity authentication assurance (i.e., LoA 1 LoA 4), and the criteria and threats for each of the four levels of entity authentication assurance. Additionally, it:

specifies a framework for managing the assurance levels;

provides guidance concerning control technologies that are to be used to mitigate authentication threats, based on a risk assessment;

provides guidance for mapping the four levels of assurance to other authentication assurance schemas; and

provides guidance for exchanging the results of authentication that are based on the four levels of assurance.