Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

From public preview to public draft: SP 800-63 is open for comment!

Last summer’s efforts on draft SP 800-63-3: Digital Identity Guidelines paved the way for a lot of positive changes – thanks to all who provided feedback. Today we are excited to announce the next step: the official public draft of SP 800-63-3 is out, open for public comment, and we’re anxiously awaiting more great feedback. The public draft will have a 60-day open comment period, closing on March 31st.

SP 800-63 document icons
        

GitHub remains the preferred tool for the public comment period; you can read the document here and you can contribute here. We also have a PDF version of the draft and comments can be submitted dig-comments [at] nist.gov (via email) to dig-comments [at] nist.gov. Note that we will make all comments publicly available by converting those shared via email to open GitHub “issues” to maintain an open and transparent process.

SP 800-63-3, our first foray into using GitHub for communicating with stakeholders, is a prime example of NIST’s history of engaging the community when developing publications. While in the past NIST and the community co-edited documents, we believe SP 800-63-3 is the first example of co-developing a publication.

We were able to engage the community in near real time to more quickly create a better, more innovative product. During the public preview – which ran from May 8 to September 17, 2016 – we had a tremendous response with at least 3,757 unique visitors to our GitHub repository, with contributors submitting 266 items for our review.

We look forward to hearing from you all with additional comments on the public draft of SP 800-63-3. The document enables federal agencies to accept more diverse sets of authentication and identity-proofing in an effort to improve the ability to mitigate risk. The draft also more closely aligns with the identity standards work occurring across the globe.

All about the webinar

Much has changed in SP 800-63 since revision 2, and we realize not everyone had a chance to review the document over the summer (you can find a full rundown of changes HERE). So, we are hosting an informational webinar to share some of the most significant updates we made to the document, highlight our approach during the public comment period, and most importantly, answer your questions about this significant set of updates.

So, mark your calendars for February 7th at 1:00 PM EST!

We look forward to you joining us during this webinar to share more about what’s in the new draft and engage you in the document’s evolution. You can register now HERE.

Note: this webinar will be hosted on ReadyTalk; please arrive early in case you need to download and install anything to participate.

We’ll see you then – and happy commenting!

Twitter: @NSTICnpo

About the author

Paul Grassi

Paul Grassi was a Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST). He joined NIST in June 2014 to advance and accelerate the development and...

Related posts

Let’s talk about IoT device security

NIST’s Cybersecurity for the Internet of Things (IoT) Program is beginning stakeholder engagement on identifying a core set of cybersecurity capabilities

Comments

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.