NIST SP 800-63-4: Digital Identity Guidelines | Second Public Draft
August 21, 2024

The rapid proliferation of online services over the past few years has heightened the need for reliable, equitable, secure, and privacy-protective digital identity solutions. Revision 4 of NIST’s Special Publication (SP) 800-63, Digital Identity Guidelines, responds to the changing digital landscape that has emerged since the last major revision of this suite was published in 2017—including the real-world implications of online risks. The guidelines present the process and technical requirements for meeting digital identity management assurance levels for identity proofing, authentication, and federation, including requirements for security and privacy as well as considerations for fostering equity and the usability of digital identity solutions and technology.

Webinar on August 28, 2024 | Digital Identity Guidelines Update

Join us on 8/28 from 12:00 pm - 2:00 pm EDT for a webinar where we will cover the major changes to all four volumes. Registration is open until the event begins.

In December 2022, NIST released the Initial Public Draft (IPD) of SP 800-63, Revision 4. Over the course of a 119-day public comment period, NIST received close to 4000 comments that improved these Digital Identity Guidelines in a manner that supports NIST's critical goals of providing foundational risk management processes and requirements that enable secure, private, equitable, and accessible identity systems.

Based on this initial wave of feedback, several substantive changes have been made across all the volumes. These changes include but are not limited to: updated text and context setting for risk management; added recommended continuous evaluation metrics; expanded fraud requirements and recommendations; restructured identity proofing controls; integrated syncable authenticators; and added user-controlled wallets to the federation model.

Additionally, this draft seeks to:

  • Address comments received in response to the IPD of Revision 4 of SP 800-63.
  • Clarify the text to address the questions and issues raised in the public comments.
  • Update all four volumes of SP 800-63 based on current technology and market developments, the changing digital identity threat landscape, and organizational needs for digital identity solutions to address online security, privacy, usability, and equity.

These second public drafts (2PD) include:

Please submit your comments via email (dig-comments@nist.gov) by 11:59 PM ET on October 7, 2024. Comments are requested on all four drafts listed above.

The Note to Reviewers section highlights the specific topics NIST is hoping for feedback on and provides a template that can be used to submit comments; please note that NIST will review all comments and make them available to the public.

Created July 31, 2024, Updated August 22, 2024