Definition
NIST SP 800-63B Authenticator Assurance Level (AAL): a measure of the robustness of the authentication process. AAL1: single-factor authentication (low confidence). AAL2: multi-factor authentication (MFA) with verifier-impersonation resistance (medium confidence). AAL3: hardware-backed cryptographic authenticators with verifier-impersonation resistance, replay resistance, and biometric verification (high confidence). Federal agencies require AAL2 for sensitive operations and AAL3 for highly sensitive operations.
- Synonyms
- Authentication Assurance Level (NIST)
- Discouraged variants
- **NIST SP 800-63-4** SP-B (Authentication)
- Application
- Regulatory: NIST SP 800-63 (Digital Identity Guidelines)
- Standards & regulations
- NIST
- Sources
- NIST SP 800-63B (Authenticator Assurance Levels), primary source
Related terms
- Audit Trail: Chronological record of identity events — authentication, authorization decisions, provisioning actions, configuration c …
- Automated Data Classification: Machine learning-driven discovery and classification of sensitive data across structured and unstructured stores — ident …
- Cloud Data Access Governance: Discovery, classification, and access control for sensitive data across cloud data stores (S3, Snowflake, BigQuery, Data …
- CMMC (Cybersecurity Maturity Model Certification): US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
- Continuous Compliance (CC): Real-time verification that identity controls remain compliant with policy and regulatory frameworks — replaces periodic …
- DIRM: Digital Identity Risk Management — the NIST SP 800-63-4 process for managing digital identity risk. Replaces the static …