The rapid proliferation of online services over the past few years has heightened the need for reliable, equitable, secure, and privacy-protective digital identity solutions. Revision 4 of NIST’s Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite was published in 2017—including the real-world implications of online risks. The guidelines present the process and technical requirements for meeting digital identity management assurance levels for identity proofing, authentication, and federation, including requirements for security and privacy as well as considerations for fostering equity and the usability of digital identity solutions and technology.
Taking into account feedback provided in response to our June 2020 Pre-Draft Call for Comments, as well as research conducted into real-world implementations of the guidelines, market innovation, and the current threat environment, this draft seeks to: advance equity, emphasize optionality and choice for consumers, deter fraud and advanced threats, improve privacy, and address implementation lessons learned.
The draft publications are:
Please submit your comments via email (dig-comments@nist.gov) by 11:59 PM ET on March 24 April 14, 2023. The Note to Reviewers section highlights the specific topics NIST is hoping for feedback on; please note that NIST will review all comments and make them available on the NIST identity and Access Management Resource Center (NIST IAM).
Security and Privacy: identity & access management