Electronic Risk and Requirements Assessment (e-RA):
Background
To provide authentication services that can be used across government, the
E-Authentication project must first identify the full range of authentication
requirements for the electronic Government Initiatives and projects. The E-Authentication
Initiative teamed with the Software Engineering Institute (SEI) at Carnegie
Mellon University to develop a risk-based approach to authentication requirements,
called the Electronic Risk and Requirements Assessment, or e-RA. This approach
identifies the Risks associated with insufficient authentication of users, and
it forms the basis for the definition of authentication requirements. The tool
is fully aligned with OMB M-04-04 E-Authentication Guidance.
The e-RA Tool
The e-RA tool is available to anyone through the E-Authentication Initiative
to assess authentication risks of its customer's environment.
In response to feedback from e-RA users and the E-Authentication
Program Management Office, the e-RA tool has been improved. The current database
version is 1.5 (November 2005). The new version provides the following enhancements:
Click on the appropriate link to download the version of the e-RA tool that
will work for you.
Electronic Risk and Requirements Assessment Guide e-RA
Activity Guide v1.5
Please refer to the E-Authentication e-RA
Tool Activity Guide before using the e-RA tool; particularly (Section 2.2,
page 4)
Important Note: When downloading the e-RA tool and opening the application, you may receive Security Warnings. These warnings may be ignored (click "open" to ignore the warning and begin using the tool).
Download the Tool
- If you have MS Access 2002/2003 loaded on
your PC, you may download eRA2003v15.mde
- 2.10 MB in size
- If you have MS Access 2000 loaded on your PC, you may download eRA2000v15.mde
- 1.96 MB in size
- If you do not have MS Access loaded on your PC, you may download eRA
v15install.zip - 34.2 MB in size