This Recommendation defines four levels of entity authentication assurance (i.e., LoA 1 – LoA 4), and the criteria and threats for each of the four levels of entity authentication assurance. Additionally, it:
• specifies a framework for managing the assurance levels;
• provides guidance concerning control technologies that are to be used to mitigate authentication threats, based on a risk assessment;
• provides guidance for mapping the four levels of assurance to other authentication assurance schemas; and
• provides guidance for exchanging the results of authentication that are based on the four levels of assurance.