More than a year in the making, and after a large, cross-industry effort, NIST is proud to announce the new SP 800-63.
The Special Publication (SP) 800-63 suite provides technical requirements for federal agencies implementing digital identity services. The publication includes: an overview of identity frameworks; using authenticators, credentials, and assertions in a digital system; and a risk-based process to select assurance levels. Organizations have the flexibility to choose the appropriate assurance level for their needs.
SP 800-63 comprises a suite of documents that can be used independently or in concert to meet identity needs.
For the new SP 800-63, NIST sought to simplify and clarify guidance, better align with commercial markets, promote international interoperability, and focus on outcomes (where possible) to promote innovation and deployment flexibility. Furthermore, the updates in this publication give relying parties latitude in designing, building, consuming, and procuring identity technology.
NIST has co-developed SP 800-63-3 with the community (feedback was solicited via GitHub and email) to ensure that it helps organizations implement effective digital identity services, reflects available technologies in the market, and makes room for innovations on the horizon. GitHub has enabled NIST to engage the community in near-real-time to more efficiently create a better product. The SP 800-63 update process included multiple iterations and opportunities for stakeholders to weigh in on the document.
Before NIST released SP 800-63 as final, community participation in drafting the publication resulted in 1,400+ comments—and the web version of the publication drew 74,000+ unique visitors between May 2016 and May 2017.
NIST will work with the community to prepare implementation guidance for the Digital Identity Guidelines. The goal is to give implementers easily deployable guidance and help them meet the requirements.
NIST is drafting SP 800-63D, a relatively simple additional volume detailing efforts to align with international technical specifications for interoperable identity in federations—including SAML profiles and an iGov OpenID Connect/OAuth profile developed in partnership with industry and other governments.
June 2017 | SP 800-63-3 published
May 2017 | Draft SP 800-63-3 public comment closes
January 2017 | Draft SP 800-63-3 released for public comment
September 2016 | Draft SP 800-63-3 public preview closes
May 2016 | Draft SP 800-63-3 released for public preview
May 2015 | Public comment on SP 800-63-2 closes
April 2015 | Public comment on SP 800-63-2 opens
August 2013 | SP 800-63-2 published | PDF
December 2011 | SP 800-63-1 published | PDF
April 2006 | SP 800-63 version 1.0.2 published | PDF
September 2004 | SP 800-63 version 1.0.1 published
June 2004 | SP 800-63 first published
Source information, current standards, and public comments received through May 2015
Return of the Great Zoltan! Our 800-63 FAQs answer life’s most perplexing questions (about digital identity, anyway). | July 2017
Mic Drop — Announcing the New Special Publication 800-63 Suite! | June 2017
A minor plot twist: comment period extended for part of SP 800-63-3 | March 2017