This Recommendation defines four levels of entity authentication assurance (i.e., LoA 1 – LoA 4), and the criteria and threats for each of the four levels of entity authentication assurance. Additionally, it: specifies a framework for managing the assurance levels; provides guidance concerning control technologies that are to be used to mitigate authentication threats, based on a risk assessment; provides guidance for mapping the four levels of assurance to other authentication assurance schemas; and provides guidance for exchanging the results of authentication that are based on the four levels of assurance.