Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

From public preview to public draft: SP 800-63 is open for comment!

Last summer’s efforts on draft SP 800-63-3: Digital Identity Guidelines paved the way for a lot of positive changes – thanks to all who provided feedback. Today we are excited to announce the next step: the official public draft of SP 800-63-3 is out, open for public comment, and we’re anxiously awaiting more great feedback. The public draft will have a 60-day open comment period, closing on March 31st.

SP 800-63 document icons

GitHub remains the preferred tool for the public comment period; you can read the document here and you can contribute here. We also have a PDF version of the draft and comments can be submitted dig-comments [at] (via email) to dig-comments [at] (dig-comments[at]nist[dot]gov). Note that we will make all comments publicly available by converting those shared via email to open GitHub “issues” to maintain an open and transparent process.

SP 800-63-3, our first foray into using GitHub for communicating with stakeholders, is a prime example of NIST’s history of engaging the community when developing publications. While in the past NIST and the community co-edited documents, we believe SP 800-63-3 is the first example of co-developing a publication.

We were able to engage the community in near real time to more quickly create a better, more innovative product. During the public preview – which ran from May 8 to September 17, 2016 – we had a tremendous response with at least 3,757 unique visitors to our GitHub repository, with contributors submitting 266 items for our review.

We look forward to hearing from you all with additional comments on the public draft of SP 800-63-3. The document enables federal agencies to accept more diverse sets of authentication and identity-proofing in an effort to improve the ability to mitigate risk. The draft also more closely aligns with the identity standards work occurring across the globe.

All about the webinar

Much has changed in SP 800-63 since revision 2, and we realize not everyone had a chance to review the document over the summer (you can find a full rundown of changes HERE). So, we are hosting an informational webinar to share some of the most significant updates we made to the document, highlight our approach during the public comment period, and most importantly, answer your questions about this significant set of updates.

So, mark your calendars for February 7th at 1:00 PM EST!

We look forward to you joining us during this webinar to share more about what’s in the new draft and engage you in the document’s evolution. You can register now HERE.

Note: this webinar will be hosted on ReadyTalk; please arrive early in case you need to download and install anything to participate.

We’ll see you then – and happy commenting!

Twitter: @NSTICnpo

About the author

Paul Grassi

Paul Grassi was a Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST). He joined NIST in June 2014 to advance and accelerate the development and adoption of identity authentication and authorization related standards and technologies needed to implement the identity ecosystem envisioned in the National Strategy for Trusted Identities in Cyberspace (NSTIC). Mr. Grassi has a broad background in technology and management consulting, and significant experience developing enterprise security strategies and systems, having served a range of Fortune 500 companies, as well as domestic and foreign governments. He is no longer at NIST, but continues to serve the identity community.

Related posts


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.