The draft policy outlines the four assurance levels -- minimal, low, substantial and high -- and provides examples of potential federal transactions at each level. A transaction needing only minimal authentication might be the registration to create a customized Web site through the Education Department's my.ed.gov portal. A substantial authentication transaction might be communication between a vendor and an agency contracting officer.
Agencies are already working to map the other e-government initiatives to the assurance levels, and that process must be completed by Oct. 1, 2003. Assessments on all federal systems classified as "major" under the Office of Management and Budget's investment guidelines should be completed by Sept. 15, 2004, and all existing transactions and systems must be categorized by Sept. 15, 2005.
Any new systems or transactions needing authentication should be categorized within 90 days of the final e-Authentication technical guidance issuance, which has an expected release date later this year.
RELATED LINKS
Quelle: Federal Computer Week