Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-63-3(Draft)

Digital Authentication Guideline (Public Preview)

Date Published: May 2016
Comments Due: September 7, 2016 (public comment period is CLOSED)
Email Questions to:

Supersedes: SP 800-63-3 (04/09/2015)


Paul Grassi (NIST)


[Updated: 11/30/2016]

NIST has initiated an effort to update Special Publication 800-63-2, Electronic Authentication Guideline. After a call for comments on SP 800-63-2 in 2015, NIST began drafting a revision of the Guideline, which is being reorganized into multiple parts:

SP 800-63-3    Digital Authentication Guideline
SP 800-63A    Enrollment and Identity Proofing Requirements
SP 800-63B    Authentication and Lifecycle Management
SP 800-63C    Federation and Assertions

SP 800-63-3 development will follow a four-phase approach:

Phase I - Initial Drafting (March-April) [completed]
Phase II - Public Preview (May-September) [completed]
Phase III - Public Comment (starting January 2017)
Phase IV - Document Finalization (mid-2017)

The Guideline is currently being prepared for the Public Comment phase (Phase III), comprising a traditional, extended public comment period.

Visit the links below to learn more:


Control Families

Identification and Authentication;


SP 800-63-3 Development: Public Preview Site (GitHub)

Supplemental Material:
Development Milestones (other)
Public Preview Summary (blog) (other)

Document History:
04/09/15: SP 800-63-3 (Draft)
05/08/16: SP 800-63-3 (Draft)
01/30/17: SP 800-63-3 (Draft)
03/31/17: SP 800-63-3 (Draft)
06/22/17: SP 800-63-3