Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Identity & access management


The Draft Fourth Revision of NIST SP 800-63, Digital Identity Guidelines is available for review, and we need your feedback! NIST will accept all input submitted until 11:59pm on Friday, March 24, 2023, through the following site:

NIST hosted a virtual event, Digital Identity Guidelines – Kicking off Revision 4!, on January 12, 2023. Presentation slides are posted here.

Identity and Access Management is a fundamental and critical cybersecurity capability. Simply put, with its focus on foundational and applied research and standards, NIST seeks to ensure the right people and things have the right access to the right resources at the right time.

To advance the state of identity and access management, NIST

  • Conducts focused research to better understand new and emerging technologies, their impact on existing standards, and the implementation of identity and access management solutions;
  • Leads in the development of national and international identity and access management standards, guidance, best practices, profiles, and frameworks to create an enhanced, interoperable suite of secure, privacy-enhancing solutions, including authentication and authorization within the Internet of Things (IoT);
  • Evolves its identity and access management standards, guidelines and resources; and
  • Produces example solutions that bring together the identity management and cybersecurity requirements needed to address specific business cybersecurity challenges.

Through this Identity and Access Management Resource Center, we seek to share our efforts that strengthen the security, privacy, usability and interoperability of solutions that meet an organization’s identity and access management needs throughout the system lifecycle.

Featured Content