GSA drafts e-Authentication policy
- By Diane Frank
- Jul 11, 2003
Draft e-Authentication policy
The General Services Administration today released a draft e-Authentication policy that outlines four levels of assurance against which agencies must align all federal transactions and services by Sept. 15, 2005.
The draft policy, which is part of the e-Authentication e-government initiative, is based on the information risk factor, what person or organization the information is regarding and the amount of harm it may cause if that information is compromised.
The draft policy outlines the four assurance levels — minimal, low, substantial and high — and provides examples of potential federal transactions at each level. A transaction needing only minimal authentication might be the registration to create a customized Web site through the Education Department's my.ed.gov portal. A substantial authentication transaction might be communication between a vendor and an agency contracting officer.
Agencies are already working to map the other e-government initiatives to the assurance levels, and that process must be completed by Oct. 1, 2003. Assessments on all federal systems classified as "major" under the Office of Management and Budget's investment guidelines should be completed by Sept. 15, 2004, and all existing transactions and systems must be categorized by Sept. 15, 2005.
Any new systems or transactions needing authentication should be categorized within 90 days of the final e-Authentication technical guidance issuance, which has an expected release date later this year.