NIST 800-63 LOA 1 Memorized Secret Token Strength and Authentication Profile, v1.0

This Trust Interoperability Profile specifies NIST 800-63 LOA 1 requirements on the implementation and strength of memorized secret tokens, and the use of these tokens for subscriber authentication by CSPs.
Publication Date: 2017-05-18
Issuing Organization:
No Responder support@trustmarkinitiative.org 404-407-8956 75 5th Street NW, Suite 900, Atlanta, GA 30308
Legal Notice: This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Trust Expression:

TD_1 AND TD_2 AND TD_3 AND TD_4

References (4)

TD_1
This Trustmark Definition covers requirements on Credential Service Providers (CSPs) for low entropy of memorized secret tokens.
TD_2
This Trustmark Definition covers requirements on Credential Service Providers (CSPs) for throttling of authentication attempts with memorized secret tokens.
TD_3
This Trustmark Definition covers access control requirements on Credential Service Providers (CSPs) for shared secret files.
TD_4
This Trustmark Definition covers requirements on Credential Service Providers (CSPs) for avoiding storing passwords in plaintext.