Experian and Symantec’s Two-Factor Credentialing Solution First to Achieve NIST Special Publication 800-63-1 Level 3 Assurance

Experian and Symantec’s two-factor credentialing solution first to achieve NIST Special Publication 800-63-1 Level 3 Assurance
Solution evaluated by the General Services Administration Division of Identity Management
Costa Mesa, Calif., Aug 31, 2011 — Experian® today announced that the two-factor credentialing solution jointly developed by Experian and Symantec to comply with electronic authentication guidelines in the National Institute of Standards and Technology (NIST) Special Publication SP 800-63-1 is the first solution to achieve Level 3 Assurance.

The Experian and Symantec two factor credentialing solution was evaluated by the General Services Administration (GSA) Division of Identity Management. Following a review by personnel from NIST and GSA, who determined that the approach implemented by Experian and Symantec was sound and feasible, the GSA confirmed that the solution meets the intent of NIST SP 800-63-1 Level of Assurance 3 or higher.

Formal review of the solution by the GSA was required by the Drug Enforcement Administration’s (DEA) Interim Final Rule on Electronic Prescriptions for Controlled Substances. The DEA Interim Final Rule mandates that prescribers obtain two-factor identity credentials from a credential service provider that has been approved by GSA to conduct identity proofing and   meets the requirements of Level 3 Assurance or above as specified in the NIST Special Publication SP 800-63-1. 

The evaluated solution combines Experian’s identity proofing capabilities with the strong authentication capabilities of Symantec’s VeriSign Identity Protection (VIP) Authentication Service to deliver secure online identity credentials. It enables government agencies and healthcare organizations to minimize the risk of fraud when users conduct personal and sensitive transactions online. Both Experian’s identity proofing and the Symantec VIP Authentication Service are cloud-based services that can be accessed through secure web-services APIs.

“We are excited that our solution has been evaluated by the GSA and believe it will add great value in helping government agencies and healthcare organizations grant online access to services while simultaneously safeguarding individual user's identities, and protecting agency and constituent data,” said Scott Waldron, president of Experian, Government Services. “Our innovative solution with Symantec has already been delivered to one of the leading e-prescribers, DrFirst, and now is readily available to more government agencies and healthcare organizations.”

“We are pleased to have successfully delivered a solution at NIST SP 800-63-1 Level 3 Assurance,” said Nick Piazzola, senior director for Symantec Government Authentication Solutions. “The integration of Experian’s identity proofing with Symantec’s managed PKI and one-time password authentication offerings now enables us to provide a range of assurance levels for customers needing strong authentication for their websites and portals.”

Michael Troncale
Experian Public Relations
1 714 830 5462

About Experian
Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was $4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.