E-Authentication
E-Authentication is the secure process that EPA uses to confirm people's identity and electronic signatures. Examples of E-Authentication credentials include personal identification numbers (PINs), passwords and public key infrastructure (PKI) certificates.
EPA's Exchange Network Web services were pilot-tested (PDF, 2 pp, 136KB, About PDF) to make federal E-Authentication functionality available to state systems and the individuals. Based on the success of this pilot, EPA will soon begin offering states the ability to use the Exchange Network services to validate federally recognized public key infrastructure (PKI) certificates presented by individuals.
For further E-Authentication Governance Information:
- OMB M-04-04 E-Authentication Guidance for Federal Agencies (PDF, 17 pp, 125KB, About PDF) is an OMB policy document that defines four levels of e-Authentication and the corresponding degrees of certainty required for e-Authentication.
- NIST SP 800-63 Electronic Authentication Guideline (PDF, 64 pp, 397KB, About PDF) outlines technical specifications for achieving the degree of certainty required at each of the four levels of e-Authentication.
- GSA-sponsored E-Authentication Architecture is an implementation tool that enables federal agencies to implement National Institute of Standards and Technology (NIST) - compliant e-Authentication with credentials that can be reused across computer systems.
The Exchange Network works with EPA program offices and state partners to ensure that EPA satisfies the requirements of M-04-04 and NIST SP 800-63. The Exchange Network also assists EPA programs and states in taking advantage of opportunities provided by the E-Authentication Architecture. Activities include:
- Supporting EPA's participation on the Federal E-Authentication Steering Committee.
- Sponsoring pilot tests of E-Authentication approaches for EPA and state systems that leverage the E-Authentication Architecture.
- Sponsoring implementations of E-Authentication Architecture solutions for EPA systems.
- Conducting risk assessments to determine e-Authentication levels for EPA systems, as required by M-04-04.
- Tracking and reporting on EPA's progress in meeting OMB e-Authentication goals.
Additional resources:
E-Authentication
Federal Identity Credentialing Committee
E-Authentication Handbook for Federal Government Agencies (PDF, 27 pp, 244KB, About PDF)