Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004.

Published byAustin Daniel Modified over 8 years ago

Similar presentations

Presentation on theme: "E-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004."— Presentation transcript:

1 e-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004 Technical Session The E-Authentication Initiative

2 2 How does e-RA fit into the big picture?  E-Authentication Guidance for Federal Agencies (OMB M-04-04, Memorandum for Heads of all Departments and Agencies) E-Authentication Technical Guidance (NIST Special Pub 800-63) Credential Assessment Framework (Credential Providers)  e-RA (Agency Applications/Transactions) 

3 3 The E-Authentication Initiative What is e-RA?  The e-Authentication Initiative was established to provide a common, interoperable authentication service for the President’s e-Government Initiatives. In order to provide this service, the e-Authentication project needed to identify the full range of authentication requirements for the Initiatives. The e- Authentication Initiative partnered with the Software Engineering Institute (SEI) at Carnegie Mellon University to develop a risk- based approach to authentication requirements called e- Authentication Risk and Requirements Assessment, or e-RA. This approach identifies the risks associated with insufficient authentication of an e-Government Initiative user, and it forms the basis for the definition of authentication requirements.

4 4 The E-Authentication Initiative What is the e-RA approach?  The e-RA approach is essentially a risk-based requirements elicitation process to identify the risks and impacts that could result if user authentication controls are non-existent or inadequate.  Its focus is to ensure that a user has the proper credential to perform a particular transaction in an on-line system or web portal.  The e-RA approach produces a mapping of the transaction to a set of pre-defined authentication criteria that represent various levels of proving a user’s identity.  The mapping can then be used to identify and implement technological and operational solutions that ensure the transaction’s authentication requirements are achieved.

5 5 The E-Authentication Initiative What are e-RA’s Objectives?  Document and characterize an initiative’s transactions and associated data.  Identify the risks (threats and impacts) associated with authentication of the actors (or users) for the initiative’s range of transactions.  Define the authentication criteria for the initiative’s transactions, which can be developed into authentication requirements.  Analyze the authentication needs to define standardized levels of authentication and identity for E-Authentication Services.

6

7 7 The E-Authentication Initiative Where do I get it?  http://www.cio.gov/eauthentication  If you have Access 2000 loaded on your PC, download the MDB File - 1.44 MB in size  If you need the full version of the e-RA Tool, download the WinZip File - 128 MB in size  Also download the e-RA Guidance Document

8 8 The E-Authentication Initiative e-RA Demonstration

Download ppt "E-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004."

Similar presentations

Jump to first page NIST 800-30 Risk Management Guide for Information Technology Systems Reference:

Jump to first page NIST Risk Management Guide for Information Technology Systems Reference:
A practical framework for working in innovative collaborative environments Ray Ward, Programme Director Transformational Change Newcastle City Council.

A practical framework for working in innovative collaborative environments Ray Ward, Programme Director Transformational Change Newcastle City Council.
Interoperability Roadmap Comments Package Implementation, Certification, and Testing (ICT) Workgroup February 13, 2015 Liz Johnson, co-chair Cris Ross,

Interoperability Roadmap Comments Package Implementation, Certification, and Testing (ICT) Workgroup February 13, 2015 Liz Johnson, co-chair Cris Ross,
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
1 Guidance for the American Recovery and Reinvestment Act of 2009 By David G. Bullock, Partner Macias Gini & O’Connell LLP.

1 Guidance for the American Recovery and Reinvestment Act of 2009 By David G. Bullock, Partner Macias Gini & O’Connell LLP.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
Copyright 2003 CMMI: Executive Briefing Presented by Kieran Doyle 07971 222160.

Copyright 2003 CMMI: Executive Briefing Presented by Kieran Doyle
U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.

U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
CMMI Overview Quality Frameworks.

CMMI Overview Quality Frameworks.
The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.

The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.
The Need for Trusted Credentials Information Assurance in Cyberspace Judith Spencer Chair, Federal PKI Steering Committee www.cio.gov/fpkisc.

The Need for Trusted Credentials Information Assurance in Cyberspace Judith Spencer Chair, Federal PKI Steering Committee
Open Source for Government Alexander C. Pitzner Sr. Network Engineer Harrisburg University of Science and Technology

Open Source for Government Alexander C. Pitzner Sr. Network Engineer Harrisburg University of Science and Technology
U.S. Department of Agriculture eGovernment Program December 3, 2003 eAuthentication Initiative USDA eAuthentication Service Overview eGovernment Program.

U.S. Department of Agriculture eGovernment Program December 3, 2003 eAuthentication Initiative USDA eAuthentication Service Overview eGovernment Program.
Michalis Adamantiadis Transport Policy Adviser, SSATP SSATP Capacity Development Strategy Annual Meeting, December 2012.

Michalis Adamantiadis Transport Policy Adviser, SSATP SSATP Capacity Development Strategy Annual Meeting, December 2012.

Similar presentations

Ads by Google