标准摘要
[中文适用范围]: 本国际标准提供了一个用于在给定上下文中管理实体身份认证保证的框架。具体而言,它:规定了四个实体身份认证保证等级;规定了实现这四个等级中的每一个等级的标准和指南;提供了将其他身份认证保证方案映射到这四个保证等级(LoAs)的指南;提供了基于这四个保证等级交换身份认证结果的指南;并提供了用于缓解身份认证威胁的控制指南。 [外文原描述]: ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it: - specifies four levels of entity authentication assurance; - specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance; - provides guidance for mapping other authentication assurance schemes to the four LoAs; - provides guidance for exchanging the results of authentication that are based on the four LoAs; and - provides guidance concerning controls that should be used to mitigate authentication threats.
英文名称Information technology - Security techniques - Entity authentication assurance framework