Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Many thanks for a successful 800-63-3 public preview!

A look back on the SP 800-63-3 public preview

As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next…

Between May 8 and September 17, 2016 – our first foray into using GitHub to solicit and manage comments for a major document– there were at least 3,757 unique visitors to our GitHub repository, with contributors submitting 258 ‘issues’ (i.e. items for our review). The open-source nature of this approach allowed us to communicate directly with commenters, giving us a much better way of knowing whether we heard you. It also gave commenters the opportunity to review updates and tell us if we got it right. Our goal was to create a community-driven document, and we hope you agree that your thoughtful feedback substantially improved the document from its initial draft.

As of yesterday, we have temporarily stopped responding to issues posted on GitHub to prepare for the upcoming formal public comment phase. Anyone can view the document as it was yesterday. You can still open an issue—but please know that we will automatically close those issues and ask that you check the updated document when it is posted at the start of the public comment period. If you still see the issue, we ask you to please open it then.

What is coming next?

We’re aiming to release a new draft for public comment in mid-fall.

We’ll have full details upon release of the draft—and GitHub will remain the tool of choice during the public comment period—but we will also include a PDF version of the draft. In addition to submitting comments via GitHub, you will also have the option to submit comments to us via email. We always make comments publicly available, so our team will convert any comments that reach us via email to open GitHub ‘issues’ that everyone can see. This allows us to continue to be transparent about the issues that influence any changes we will ultimately make after the public comment period ends. It also encourages rich, ongoing dialogue—as anyone can discuss an open issue to help find the best possible resolution.

Thank you again for your contributions, support in this new approach, and willingness to be a part of this document’s evolution. We’re looking forward to keeping the discussion lively and impactful during the upcoming official public comment period this fall.

For those who want a deep dive into the latest draft, we’re planning a webinar at the beginning of the public comment period to answer any outstanding questions, and to give everyone an idea of what’s ahead for SP 800-63-3. Be sure to follow us on Twitter for future updates about the webinar including the date, registration details, and agenda.

About the author

Paul Grassi

Paul Grassi was a Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST). He joined NIST in June 2014 to advance and accelerate the development and adoption of identity authentication and authorization related standards and technologies needed to implement the identity ecosystem envisioned in the National Strategy for Trusted Identities in Cyberspace (NSTIC). Mr. Grassi has a broad background in technology and management consulting, and significant experience developing enterprise security strategies and systems, having served a range of Fortune 500 companies, as well as domestic and foreign governments. He is no longer at NIST, but continues to serve the identity community.

Related posts


How does one reach GitHub?
Hi Rich, The GitHub page is hyperlinked in the blog above; here it is for easy access: Thanks, NSTIC Office

Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.