Let’s get this out of the way right up front: this is not an early April Fools Day prank!
Granted, government blogs aren’t the typical medium for getting emotional. But we (Paul and Mike), and the rest of our incredible team at NIST, have truly been moved by the support, encouragement, and engagement you’ve provided as we embarked simultaneously on this major update to the document and – perhaps even bigger – updating our community engagement process to achieve a better result on this document.
We have received your feedback during the open comment period for draft Special Publication (SP) 800-63-3: Digital Identity Guidelines and can’t thank you enough. While we still have many comments to resolve, the feedback we’ve received has been very positive overall. Thanks to your help, we are very close – and will close the comment period as scheduled. Sort of…
In consultation with the White House Office of Management and Budget, we developed an approach to include normative guidelines to manage digital identity risk directly into SP 800-63-3. Over the years, many of you have asked for a more consistent approach to risk assessment and associated technical risk mitigation guidance. The changes in this update made this request even more important. We’re extremely grateful for our collaborative relationship with OMB, which enabled us to respond to you and better serve agency and industry needs. We believe this change will make digital identity management simpler for agency officials, mission owners, and implementers alike. But – consistent with the approach we’ve taken with this update so far – we need your feedback to know if we got it right. To that end, we are extending the comment period for the 800-63-3 volume only until for 30 days, closing on May 1st.
We ask that you review this document on its merits and do not comment on potential conflicts with existing guidance; we are working with our federal partners to address any such conflicts before finalizing.
Please check out the updated parent document — and dig-comments [at] nist.gov (reach out) to us if you have questions. You can also submit comments the old-fashioned way, via email. Sorry we’re not accepting comments the old-old fashioned way or the old-old-old fashioned way of fax and post, respectively. Though singing telegrams won’t be turned away.
Follow us on Twitter for updates and reminders to submit feedback on SP 800-63-3, as well as to engage with all our other efforts.