Configure Microsoft Entra ID to meet NIST authenticator assurance levels
If you provide services for federal agencies, there can be challenges meeting multiple standards. As a cloud service provider (CSP) or federal agency, you ensure compliance with all relevant standards. Azure and Microsoft Entra ID make configuring requirements easier with our certifications. Azure is certified for more than 90 compliance offerings. For more details, see Trust your cloud.
This article set has guidance on attaining the authenticator assurance levels (AALs) in NIST SP 800-63B by using Microsoft Entra ID and other Microsoft solutions. See Next steps below.
The National Institute of Standards and Technology (NIST) develops the technical requirements for US federal agencies that implement identity solutions. Organizations working with federal agencies also must meet these requirements. For more information about the NIST identity requirements, see Special Publication 800-63 Revision 3 (NIST SP 800-63-3).
NIST SP 800-63 is referenced by:
- The Electronic Prescription of Controlled Substances EPCS program
- Financial Industry Regulatory Authority (FINRA) requirements
- Healthcare, defense, and other industry associations often use the NIST SP 800-63-3 as a baseline for identity and access management requirements
NIST guidelines are referenced in other standards, most notably the Federal Risk and Authorization Management Program (FedRAMP) for CSPs. Azure is certified for FedRAMP High Impact.
The NIST digital identity guidelines cover proofing and authentication of users, such as employees, partners, suppliers, customers, or citizens.
NIST SP 800-63-3 digital identity guidelines encompass three areas:
SP 800-63A - enrollment and identity proofing
SP 800-63B - authentication and lifecycle management
SP 800-63C - federation and assertions
Each area has assurance levels. Use the following links to help attain the authenticator assurance levels (AALs) in NIST SP 800-63B by using Microsoft Entra ID and other Microsoft solutions.
Achieve NIST AAL1 with Microsoft Entra ID