The U.S. National Institute of Standards and Technologies (NIST) SP 800-63B recommends that for services where user authentication is required, they must authenticate using methods that provide the highest level of assurance. The robustness of this confidence is described by an AAL categorization.