Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Closing time! You don’t have to go home … but you can still comment on draft SP 800-63-3

Just 15 days remain in the comment period for draft Special Publication (SP) 800-63-3: Digital Identity Guidelines! The document opened for public comment on January 30th and will close on March 31st. Based on the comments we’ve received so far, we don’t expect to extend the deadline, so get to work and submit your comments before closing time!

To see what we covered during our informational 800-63-3 webinar, check out the recording from February 7th (accompanying slides can be found here).

Why now?

The proposed update more closely matches the way digital services are deployed and utilized today. Our aim for SP 800-63-3 is to help agencies mitigate risk by accepting diverse sets of identity proofing and authentication techniques. The revised draft also more closely aligns with the identity standards work occurring across the globe.

Our process and timeline

Since the start of this public comment period, we’ve already adjudicated more than 50 of your comments - the vast majority of which have been clarifications or the addition of helpful definitions. As always, we welcome more of your comments and plan to review and adjudicate them as quickly as we can once the comment period closes. While we aim to publish the final Digital Identity Guidelines document by early summer, we take this process seriously and won’t go final just yet if requirements fundamentally shift based on insightful comments from the community. That said, we don’t feel that the comments we’ve received so far have reached the threshold that warrants extending the comment period or introducing a second comment period...so you should anticipate that, after first opening for comments on GitHub last May, the end of this comment period on March 31st is truly your last chance to weigh in.

How to comment

GitHub is our preferred tool for the submission of comments; you can read the document here and you can contribute here. We also have a PDF version of the draft and submit dig-comments [at] nist.gov (email) comments to dig-comments [at] nist.gov. Note that we will make all comments publicly available by converting those shared via email to open GitHub “issues” to maintain an open and transparent process.

We appreciate your collaboration, questions, and thoughts - so please keep the comments coming until the end of the month as we work to make 800-63-3 even better...the sooner you can submit them, the better.

If you’re looking for updates on SP 800-63-3 or other Trusted Identities Group activities, please subscribe to our email updates or follow us on Twitter.

 

About the author

Paul Grassi

Paul Grassi was a Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST). He joined NIST in June 2014 to advance and accelerate the development and...

Related posts

Let’s talk about IoT device security

NIST’s Cybersecurity for the Internet of Things (IoT) Program is beginning stakeholder engagement on identifying a core set of cybersecurity capabilities

Comments

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.