Executive Order 13636, issued in February 2013, established a requirement for the development of a voluntary risk-based cybersecurity framework. The resultant framework includes industry standards and best practices to help organizations manage cybersecurity risks.
The framework was created under the leadership of the National Institute of Standards and Technology (NIST), which facilitated collaboration between government and the private sector to develop a baseline to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. The framework is in use today, providing a starting point for entities to implement cybersecurity measures for their organizations.
There are several different types of combinations of authentication. Higher levels of security are generally associated with more levels of authentication (multifactor). For example, two-factor authentication might include a token and a password. Kerberos is a protocol for authentication that is made up of two components: a ticket (distributed by a service) for user authentication and a key that is developed from the user's password. Another authentication scheme is the Challenge-Handshake Authentication Protocol (CHAP), which uses a representation (hash) of the user's password to authenticate.
Focus your study on the first 17 pages of the following resource.