GSA outlines four e-authentication assurance levels

GSA will require agencies to adopt one of four assurance levels for electronic authorization for all e-government projects and major IT systems that conduct transactions by Oct. 1.

The General Services Administration will require agencies to adopt one of four assurance levels for electronic authorization for all e-government projects and major IT systems that conduct transactions by the end of fiscal 2004.

GSA, which will release its proposed policy in tomorrow’s Federal Register, asks agencies to perform risk assessments on the 25 Quicksilver e-government projects by Oct. 1 and all major systems by Sept. 15, 2004, to determine which assurance levels would be appropriate. GSA said most of the Quicksilver initiatives already have finished their risk assessments and determined the level of assurance they need.

Using e-authentication will help agencies establish confidence in both the identities of users and the authenticity of data in transactions with government information systems, GSA said.

In addition to the proposed policy, the National Institute of Standards and Technology will publish technical recommendations to help agencies determine the technologies they need to meet the assurance levels, the notice said.

GSA detailed assurance levels as:

  • Level 1: Little or no assurance is placed in the identity of the user, such as a citizen logging on to a customized Web page.

  • Level 2: It is highly probable that the user’s identity is accurate, such as a federal employee taking courses through an online education site. GSA said only minor damage would occur if someone falsely identified himself or herself.

  • Level 3: For official transactions that require a high degree of confidence that the user is authentic. GSA said an example of such a user would be a patent attorney who reports and updates data online with the Patent and Trademark Office.

  • Level 4: For official transactions that call for the utmost confidence that the user is authentic. For instance, a law enforcement official accessing a criminal database.

Agency business owners should consider “all direct and indirect consequences” when assessing risks based on the four assurance levels, GSA said.