ISO/IEC 29115:2013 信息技术 安全技术 实体认证保障框架

标准编号：ISO/IEC 29115:2013

中文名称：信息技术 安全技术 实体认证保障框架

英文名称：Information technology — Security techniques — Entity authentication assurance framework

发布日期：2013-04

标准范围

ISO/IEC 29115:2013提供了用于在给定上下文中管理实体认证保证的框架。特别地，它:-指定四个级别的实体认证保证；-为实现实体认证保证的四个级别中的每一个级别指定标准和指南；-为将其他认证保证方案映射到四个LOA提供指导；-提供用于交换基于四个LOA的认证结果的指导；以及-提供有关应用于减轻身份验证威胁的控制的指导。

ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:

- specifies four levels of entity authentication assurance;

- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;

- provides guidance for mapping other authentication assurance schemes to the four LoAs;

- provides guidance for exchanging the results of authentication that are based on the four LoAs; and

- provides guidance concerning controls that should be used to mitigate authentication threats.

标准预览图