GSA outlines four e-authentication assurance levels

The General Services Administration will require agencies to adopt one of four assurance levels for electronic authorization for all e-government projects and major IT systems that conduct transactions by the end of fiscal 2004.

GSA, which will release its proposed policy in tomorrow’s Federal Register, asks agencies to perform risk assessments on the 25 Quicksilver e-government projects by Oct. 1 and all major systems by Sept. 15, 2004, to determine which assurance levels would be appropriate. GSA said most of the Quicksilver initiatives already have finished their risk assessments and determined the level of assurance they need.

Using e-authentication will help agencies establish confidence in both the identities of users and the authenticity of data in transactions with government information systems, GSA said.

In addition to the proposed policy, the National Institute of Standards and Technology will publish technical recommendations to help agencies determine the technologies they need to meet the assurance levels, the notice said.

GSA detailed assurance levels as:

  • Level 1: Little or no assurance is placed in the identity of the user, such as a citizen logging on to a customized Web page.


  • Level 2: It is highly probable that the user’s identity is accurate, such as a federal employee taking courses through an online education site. GSA said only minor damage would occur if someone falsely identified himself or herself.


  • Level 3: For official transactions that require a high degree of confidence that the user is authentic. GSA said an example of such a user would be a patent attorney who reports and updates data online with the Patent and Trademark Office.


  • Level 4: For official transactions that call for the utmost confidence that the user is authentic. For instance, a law enforcement official accessing a criminal database.


  • Agency business owners should consider “all direct and indirect consequences” when assessing risks based on the four assurance levels, GSA said.


    About the Author

    Connect with the GCN staff on Twitter @GCNtech.

    Featured

    • Defense
      Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

      Army wants to spend nearly $1B on cloud, data by 2025

      Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

    • Congress
      Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

      Jim Langevin's view from the Hill

      As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

    Stay Connected

    FCW INSIDER

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.