M-04-04 E-Authentication Guidance requires that risk assessments be completed for federal government applications that will be deployed using electronic authentication. To help agencies meet that need, the Software Engineering Institute (SEI) at Carnegie Mellon University was tasked with developing a risk-based approach to authentication requirements, called the Electronic Risk and Requirements Assessment, or e-RA. This approach identifies the risks associated with insufficient authentication of users, and it forms the basis for the definition of authentication requirements.
The e-RA tool can be used to assess authentication risks of an online application. Click on the appropriate link below to download the version of the e-RA tool that will work for you.
In response to feedback from e-RA users, the e-RA tool has been improved. The current database version is 1.5.2 (January 2009). The new version provides the following enhancements:
- Corrected risk and transaction report headings
- Updated assurance level logic within parent and child records
Please refer to the e-RA Activity Guide before using the e-RA tool, particularly Section 2.2 on page 4. Examples given are for illustrative purposes only. Use information appropriate for your application and agency policies.
Important Note: When downloading the e-RA tool and opening the application, you may receive Security Warnings. These warnings may be ignored (click "open" to ignore the warning and begin using the tool).
- For a copy of the MS Access e-RA version 1.5.2 mdb (2.2 MB), click here to download the WinZip file (502 KB).
If you have any problems downloading the WinZip file, contact idmanagement@gsa.gov.
To download the WinZip plug-in