<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is the level of [Assurance] or confidence within than [Assertion] and is used within the [Risk Assessment]


Balancing the [Level Of Assurance] with the [Risk Assessment] is complex; However, it must be simplified enough for decision actions to be made in a reasonable time.


!! [{$pagename}] for [Data Classification] [Example]
A [Data Classification] assessment is required to properly determine the sensitivity of [access].
Below is a [Example] of a [Risk Assessment] for an [Organizational Entity].

%%zebra-cccccc
%%sortable
%%table-filter
||Impact of [Authentication] Error||[LOA 1]||[LOA 2]||[LOA 3]||[LOA 4]
|[LoA|Level Of Assurance]|Little or no [Assurance] exists in the asserted [Digital Identity] - usually self-asserted; essentially a persistent identifier|[Assurance] exists that the asserted [Digital Identity] is accurate; used frequently for self service [applications]|High [Assurance] in the asserted [Digital Identity]'s accuracy; used to access [Protected Data]|Very high [Assurance] in the asserted [Digital Identity]'s accuracy; used to access highly [Protected Data].
|Potential Damage to [reputation]|[Low]|[Moderate]|[Moderate]|[High]
|Potential [Financial damage] or liability|[Low]|[Moderate]|[Moderate]|[High]
|Potential for unauthorized [release|Releasability] of sensitive information|N/A	 	 	 
|Potential civil (or [Criminal action]) violations; e.g. out of [compliance] with [Regulatory compliance] rules|N/A|[Low]|[Moderate]|[High]
|Potential harm to Organization's programs or public interests|N/A|[Low]|[Moderate]|[High]
|Potential impact to personal safety|N/A|N/A|[Low]|[Moderate]/[High]
/%
/%
/%
* N/A - can be thought of as &quot;Not Appropriate&quot; for the chart.


!! [NIST.SP.800-63-3] [{$pagename}]
[NIST.SP.800-63-3] sections on Selecting [{$pagename}]s:


The [Risk Assessment] results are the primary factor in selecting the most appropriate [{$pagename}]. This section details how to apply the results of the [Risk Assessment] with additional factors unrelated to [risk] to determine the most advantageous [{$pagename}] selection.

First, compare the risk assessment impact profile to the impact profiles associated with each [{$pagename}], as shown below. To determine the required [{$pagename}], find the lowest [{$pagename}] whose impact profile meets or exceeds the potential impact for every category analyzed in the [Risk Assessment]

Maximum Potential Impacts for Each Assurance Level

%%zebra-table
%%sortable
%%table-filter
||Impact Categories||1||2||3
|Inconvenience, distress or damage to standing or [reputation]|[Low]|[Moderate]|[High]
|Financial loss or agency liability|[Low]|[Moderate]|[High]
|Harm to agency programs or public interests|N/A|[Low]/[Moderate]|[High]
|[Unauthorized] [release|Releasability] of [Sensitive Data]|N/A|[Low]/[Moderate]|[High]
|Personal Safety|N/A|[Low]|[Moderate]/[High]
|Civil or criminal violations|N/A|[Low]/[Moderate]|[High]
/%
/%
/%



!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]

























































































































































</pre>