Recommendation ITU-T X.1254 defines three entity authentication assurance levels (i.e., AAL1 – AAL3), and the criteria and threats for each of the three levels of entity authentication assurance.
Additionally, it:
• specifies a framework for managing the assurance levels;
• provides guidance concerning control technologies that are to be used to mitigate authentication threats, based on a risk assessment;
• provides guidance for mapping the three levels of assurance to other authentication assurance schemas; and
• provides guidance for exchanging the results of authentication that are based on the three levels of assurance.