NIST SP-800-63-1 Multi-Token Assurance Level Matrix
The following table (from NIST SP-800-63-1, Table 7) describes the highest level of assurance that is possible using a combination of two approved token types. On a per-session basis, these token combinations can be used to reach a higher level of assurance than each token on its own.
- Memorized Secret Token - Something you know
- Pre-Registered Knowledge Token - Something you know
- Look-up Secret Token - Something you have
- Out of Band Token - Something you have
- Single Factor (SF) One-Time Password (OTP) Device - Something you have
- Single Factor (SF) Cryptographic Device - Something you have
- Multi-Factor (MF) Software Cryptographic Token - Something you have; it may be activated by something you know or something you are
- Multi-Factor (MF) One-Time Password (OTP) Device - Something you have; it may be activated by something you know or something you are
- Multi-Factor (MF) Cryptographic Device - Something you have; it may be activated by something you know or something you are
RELATED INFO
- HOW-TO: Incorporate Risk Management into Assurance Level Determination
- NIST Electronic Authentication Guideline (NIST SP-800-63-1)
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.
Topic(s): Authentication.
I am a public interest technologist. I help organizations and leaders gain clarity and understanding on complex architecture, information security, privacy practices, and market dynamics, so they can enable secure, trustworthy digital services. 
