Term · 28. International Regulations
Risk-Based Authentication (RBA)
Definition
Authentication mechanism that calculates a risk score for each access attempt based on contextual signals — device, location, behavior, IP reputation, time of day, requested resource sensitivity — and adjusts authentication requirements accordingly. A low-risk attempt is allowed passwordless; a medium-risk attempt triggers MFA; a high-risk attempt is blocked or requires step-up authentication.
Synonyms
- RBA
- Risk-aware auth
- Adaptive risk authentication
Application
- Regulatory: NIST SP 800-63 (Digital Identity Guidelines)
Standards & regulations
- NIST
Related terms
- Continuous Authentication: Authentication paradigm verifying user identity continuously throughout a session, not just at login. Uses behavioral bi …
- AI-Powered Session Termination: Use of machine learning to detect compromised or anomalous sessions and automatically terminate them mid-flight — withou …
- User and Entity Behavior Analytics (UEBA): Class of security products using machine learning to build behavioral baselines for users and entities (applications, se …
- Adaptive MFA: Authentication mechanism that adjusts MFA challenges based on real-time risk signals — device trust, location, behavior, …
- Audit Trail: Chronological record of identity events — authentication, authorization decisions, provisioning actions, configuration c …
- Authentication (AuthN): Process of verifying that a principal is who they claim to be. Three classic factors: knowledge (password, PIN), possess …