Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Identity & access management


Now Open for Comments thru February 29, 2024!  |  EU-US TTC WG-1 Digital Identity Mapping Exercise Report and upcoming Webinar on February 22, 2024.

Draft Identity and Access Management Roadmap 

View recordings from NIST's three-part Digital Identity Guidelines Webinar Series

Generic picture of ID with blue background
Credit: Shutterstock

Identity and Access Management is a fundamental and critical cybersecurity capability. Simply put, with its focus on foundational and applied research and standards, NIST seeks to ensure the right people and things have the right access to the right resources at the right time.

To advance the state of identity and access management, NIST

  • Conducts focused research to better understand new and emerging technologies, their impact on existing standards, and the implementation of identity and access management solutions;
  • Leads in the development of national and international identity and access management standards, guidance, best practices, profiles, and frameworks to create an enhanced, interoperable suite of secure, privacy-enhancing solutions, including authentication and authorization within the Internet of Things (IoT);
  • Evolves its identity and access management standards, guidelines and resources; and
  • Produces example solutions that bring together the identity management and cybersecurity requirements needed to address specific business cybersecurity challenges.

Through this Identity and Access Management Resource Center, we seek to share our efforts that strengthen the security, privacy, usability and interoperability of solutions that meet an organization’s identity and access management needs throughout the system lifecycle.

Featured Content