spec checked
NIST SP 800-63B restricted PSTN authenticator guidance
Identifies PSTN out-of-band authentication as a restricted authenticator, requiring risk assessment, notice of security risks, unrestricted alternatives at the required assurance level, mitigation of excessive risk, and migration planning when SMS or voice is used for authentication.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Confirm phone | Choose confirm phone when the product must prove that the user can receive a time-limited text-message or voice code at an already captured number. | The confirmation page states why phone access is required, what channel was used, and what phone number is being confirmed when disclosure is safe. | NIST supports treating PSTN out-of-band authentication as restricted and requiring alternatives, notice, and risk acceptance when SMS or voice is used for authentication. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: National Institute of Standards and Technology. Last checked: .