Digital Identity Guidelines
ANNOUNCEMENT: We have extended the comment period for the parent volume of NIST SP 800-63-3 only (not subsections A, B, or C) for 30 days, closing on May 1, 2017.
In consultation with the White House Office of Management and Budget, we developed an approach to include normative guidelines to manage digital identity risk directly into SP 800-63-3. Over the years, many of you have asked for a more consistent approach to risk assessment and associated technical risk mitigation guidance. We believe this change will make digital identity management simpler for agency officials, mission owners, and implementers alike. But – consistent with the approach we’ve taken with this update so far – we need your feedback to know if we got it right. Please check out the updated parent document on GitHub — and reach out to us if you have questions. You can also submit comments the old-fashioned way, via email.
For sections 800-63A, 800-63B, and 800-63C, we closed the comment period as scheduled on March 31, 2017. Pending comment resolution, we believe these documents are sufficiently stable to finalize. We expect to finalize and issue all four volumes together.
More details about the draft SP, webinar, and information about what is new are available on our blog!
This is a collaborative effort with NIST’s Computer Security Division. You can visit the computer security resource center for more information.
Read and comment
- Video: public draft webinar recording
- Public draft webinar slides
- Computer Security Division page on digital authentication
- Source information, current standards, and public comments received through May 2015
Related blog posts
Thank you for a successful public preview | September 2016
- Public preview announcement | May 2016
- Feedback reminder | July 2016