Electronic Risk and Requirements Assessment (e-RA)
To provide authentication services that can be used across government, the E-Authentication project must first identify the full range of authentication requirements for the electronic Government Initiatives and projects. The E-Authentication Initiative teamed with the Software Engineering Institute (SEI) at Carnegie
Mellon University to develop a risk-based approach to authentication requirements, called the Electronic Risk and Requirements Assessment, or e-RA. This approach identifies the Risks associated with insufficient authentication of users, and it forms the basis for the definition of authentication requirements. The tool is fully aligned with OMB M-04-04 E-Authentication Guidance.
The e-RA Tool
The e-RA tool is available to anyone through the E-Authentication Initiative to assess authentication risks of its customer's environment. Click on the appropriate link to download the version of the e-RA tool that will work for you.
In response to feedback from e-RA users and the E-Authentication Program Management Office, the e-RA tool has been improved. The current database version is 1.5 (November 2005). The new version provides the following enhancements:
Electronic Risk and Requirements Assessment Guide e-RA Activity Guide V1.5
- Improved end user interface
- Added functionality to capture transactions by user type
- Added more comment areas
- Added enhanced reports
Please refer to the E-Authentication e-RA Tool Activity Guide before using the e-RA tool; particularly (Section 2.2, page 4)
Important Note: When downloading the e-RA tool and opening the
application, you may receive Security Warnings. These warnings may be ignored
(click "open" to ignore the warning and begin using the tool).
Download the Tool
Page Last Updated: 10-December-2007