Edit

Configure Microsoft Entra ID to meet NIST authenticator assurance levels

  • Article

If you provide services for federal agencies, there can be challenges meeting multiple standards. As a cloud service provider (CSP) or federal agency, you ensure compliance with all relevant standards. Azure and Microsoft Entra ID make configuring requirements easier with our certifications. Azure is certified for more than 90 compliance offerings. For more details, see Trust your cloud.

This article set has guidance on attaining the authenticator assurance levels (AALs) in NIST SP 800-63B by using Microsoft Entra ID and other Microsoft solutions. See Next steps below.

Why meet NIST standards?

The National Institute of Standards and Technology (NIST) develops the technical requirements for US federal agencies that implement identity solutions. Organizations working with federal agencies also must meet these requirements. For more information about the NIST identity requirements, see Special Publication 800-63 Revision 3 (NIST SP 800-63-3).

NIST SP 800-63 is referenced by:

NIST guidelines are referenced in other standards, most notably the Federal Risk and Authorization Management Program (FedRAMP) for CSPs. Azure is certified for FedRAMP High Impact.

The NIST digital identity guidelines cover proofing and authentication of users, such as employees, partners, suppliers, customers, or citizens.

NIST SP 800-63-3 digital identity guidelines encompass three areas:

Each area has assurance levels. Use the following links to help attain the authenticator assurance levels (AALs) in NIST SP 800-63B by using Microsoft Entra ID and other Microsoft solutions.

Next steps

Learn about AALs

Authentication basics

NIST authenticator types

Achieve NIST AAL1 with Microsoft Entra ID

Achieve NIST AAL2 with Microsoft Entra ID

Achieve NIST AAL3 with Microsoft Entra ID