Authenticator Assurance Level (AAL)

NIST 800-63B levels describing authentication strength. AAL1: single factor. AAL2: multi-factor. AAL3: multi-factor with phishing-resistant cryptographic authenticator (FIDO2, smartcards). Higher AAL is mandatory for higher-impact systems.