Provides a framework for managing entity authentication assurance in a given context. In particular, it specifies four levels of entity authentication assurance; specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance; provides guidance for mapping other authentication assurance schemes to the four LoAs; provides guidance for exchanging the results of authentication that are based on the four LoAs; and provides guidance concerning controls that should be used to mitigate authentication threats.