{
	"id": "344083be-b102-4d0a-ad83-3aa31346fae9",
	"created_at": "2026-04-06T00:10:02.802578Z",
	"updated_at": "2026-04-10T03:20:40.134937Z",
	"deleted_at": null,
	"sha1_hash": "f8af98bb05363dc6a45fc085511aa48fa6461e0a",
	"title": "authentication - Glossary | CSRC",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54047,
	"plain_text": "authentication - Glossary | CSRC\r\nArchived: 2026-04-05 16:44:15 UTC\r\n  Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an\r\ninformation system.\r\nSources:\r\nFIPS 200 under AUTHENTICATION\r\nNIST SP 1800-10B under Authentication from FIPS 200\r\nNIST SP 1800-21C under Authenticate\r\nNIST SP 800-128 under Authentication from FIPS 200\r\nNIST SP 800-137 under Authentication from FIPS 200\r\nNIST SP 800-18 Rev. 1 under Authentication\r\nNIST SP 800-30 Rev. 1 under Authentication from FIPS 200\r\nNIST SP 800-39 under Authentication from FIPS 200\r\nNIST SP 800-60 Vol. 1 Rev. 1 under Authentication from FIPS 200\r\nNIST SP 800-60 Vol. 2 Rev. 1 under Authentication from FIPS 200\r\n  The process of establishing confidence of authenticity; in this case, the validity of a person’s identity and an\r\nauthenticator (e.g., PIV Card or derived PIV credential).\r\nSources:\r\nFIPS 201-3 under Authentication\r\n  A security measure designed to protect a communications system against acceptance of fraudulent transmission\r\nor simulation by establishing the validity of a transmission, message, originator, or a means of verifying an\r\nindividual's eligibility to receive specific categories of information.\r\nSources:\r\nCNSSI 4009-2015 from CNSSI 4005, NSA/CSS Manual Number 3-16 (COMSEC)\r\n  Security measures designed to establish the validity of a transmission, message, or originator, or a means of\r\nverifying an individual’s authorization to receive specific categories of information.\r\nSources:\r\nNIST SP 800-59 under Authentication from CNSSI 4009\r\n  Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a\r\nsystem.\r\nSources:\r\nNIST SP 800-12 Rev. 1 under Authentication from FIPS 200\r\nNIST SP 800-128 from FIPS 200\r\nNIST SP 800-171r3 from FIPS 200 - adapted\r\nNIST SP 800-172 from FIPS 200 - Adapted\r\nhttps://csrc.nist.gov/glossary/term/authentication\r\nPage 1 of 5\n\nNIST SP 800-172A from FIPS 200 - Adapted\r\nNIST SP 800-37 Rev. 2 from FIPS 200\r\nNIST SP 800-53 Rev. 5 from FIPS 200\r\nNISTIR 7316 under Authentication\r\n  Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an\r\ninformation system.\r\nSources:\r\nCNSSI 4009-2015 from FIPS 200\r\nNIST SP 800-82r3 from FIPS 200\r\n  To confirm the identity of an entity when that identity is presented.\r\nSources:\r\nCNSSI 4009-2015 under authenticate\r\n  The process a VPN uses to limit access to protected services by forcing users to identify themselves.\r\nSources:\r\nNIST SP 800-113 under Authentication\r\n  Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s\r\nresources.\r\nSources:\r\nNIST SP 1800-16B under Authentication\r\nNIST SP 1800-16C under Authentication\r\nNIST SP 1800-16D under Authentication\r\nNIST SP 1800-17c under Authentication\r\n  Provides assurance of the authenticity and, therefore, the integrity of data.\r\nSources:\r\nNIST SP 800-67 Rev. 2 under Authentication\r\n  A process that provides assurance of the source and integrity of information in communications sessions,\r\nmessages, documents or stored data or that provides assurance of the identity of an entity interacting with a\r\nsystem.\r\nSources:\r\nNIST SP 800-57 Part 2 Rev.1 under Authentication\r\n  Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s\r\nresources\r\nSources:\r\nNIST SP 1800-17b under Authentication\r\nhttps://csrc.nist.gov/glossary/term/authentication\r\nPage 2 of 5\n\nThe process of establishing confidence of authenticity. In this case, it is the validity of a person’s identity and the\r\nPIV Card.\r\nSources:\r\nNIST SP 1800-12b\r\n  A process that provides assurance of the source and integrity of information that is communicated or stored or\r\nthe identity of an entity interacting with a system.\r\nSources:\r\nNIST SP 800-175B Rev. 1 under Authentication\r\n  Note that in common practice, the term \"authentication\" is used to mean either source or identity authentication\r\nonly. This document will differentiate the multiple uses of the word by the terms source authentication, identity\r\nauthentication, or integrity authentication, where appropriate.\r\nSources:\r\nNIST SP 800-175B Rev. 1 under Authentication\r\n  A process that provides assurance of the source and integrity of information in communications sessions,\r\nmessages, documents or stored data or that provides assurance of the identity of an entity interacting with a\r\nsystem. See Source authentication, Identity authentication, and Integrity authentication.\r\nSources:\r\nNIST SP 800-57 Part 1 Rev. 5 under Authentication\r\n  The process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to\r\nresources in an information system.\r\nSources:\r\nNIST SP 1800-27B under Authentication from FIPS 200\r\nNIST SP 1800-27C under Authentication from FIPS 200\r\n  The act of verifying that the subject has been authorized to use the presented identifier by a trusted identity\r\nprovider organization.\r\nSources:\r\nNIST SP 800-162\r\n  The corroboration that a person is the one claimed.\r\nSources:\r\nNIST SP 800-66r2 from HIPAA Security Rule - §164.304\r\n  As used in this document, a process that provides assurance of the source and integrity of information that is\r\ncommunicated or stored, or that provides assurance of an entity’s identity.\r\nSources:\r\nNIST SP 800-175A\r\nhttps://csrc.nist.gov/glossary/term/authentication\r\nPage 3 of 5\n\nThe process by which a claimant proves possession and control of one or more authenticators bound to a\r\nsubscriber account to demonstrate that they are the subscriber associated with that account.\r\nSources:\r\nNIST SP 800-63-4 [\r\n]\r\nNIST SP 800-63A-4 []\r\n  The process of establishing confidence in the identity of users or information systems.\r\nSources:\r\nNISTIR 8149 under Authentication\r\n  The process of verifying a claimed identity of a user, device, or other entity in a computer system\r\nSources:\r\nNISTIR 4734 under Authentication\r\n  the process of verifying the integrity of data that has been stored, transmitted, or otherwise exposed to possible\r\nunauthorized access.\r\nSources:\r\nNISTIR 4734 under Authentication\r\n  The process of proving the claimed identity of an individual user, machine, software component or any other\r\nentity.  Typical authentication mechanisms include conventional password schemes, biometrics devices,\r\ncryptographic methods, and onetime passwords (usually implemented with token based cards.)\r\nSources:\r\nNISTIR 5153 under Authentication\r\n  The process of establishing confidence in the claimed identity of a user or system\r\nSources:\r\nNISTIR 7682 under Authentication\r\n  Verifying the identity of a user, process, or device, often as a prerequisite for allowing access to resources in an\r\ninformation system.\r\nSources:\r\nNISTIR 8301 under Authentication from FIPS 200\r\n  measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability.\r\nSources:\r\nNISTIR 7864 under Authentication\r\nNISTIR 7946 under Authentication\r\n  \r\nhttps://csrc.nist.gov/glossary/term/authentication\r\nPage 4 of 5\n\nThe process by which a claimant proves possession and control of one or more authenticators bound to a\r\nsubscriber account to demonstrate that they are the subscriber associated with that account and involves one or\r\nmore of the following factors:\r\ni. something you know (e.g., password/personal identification number (PIN) );\r\nii. something you have (e.g., cryptographic identification device, token); or\r\niii. something you are (e.g., biometric).\r\nSources:\r\nNIST IR 8523 from NIST SP 800-63-4 - adapted\r\nSource: https://csrc.nist.gov/glossary/term/authentication\r\nhttps://csrc.nist.gov/glossary/term/authentication\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://csrc.nist.gov/glossary/term/authentication"
	],
	"report_names": [
		"authentication"
	],
	"threat_actors": [],
	"ts_created_at": 1775434202,
	"ts_updated_at": 1775791240,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f8af98bb05363dc6a45fc085511aa48fa6461e0a.pdf",
		"text": "https://archive.orkl.eu/f8af98bb05363dc6a45fc085511aa48fa6461e0a.txt",
		"img": "https://archive.orkl.eu/f8af98bb05363dc6a45fc085511aa48fa6461e0a.jpg"
	}
}