Date Published: January 2017
Comments Due:
Email Questions to:
Supersedes:
SP 800-63-3 (05/08/2016)
Author(s)
Paul Grassi (NIST), Michael Garcia (NIST), James Fenton (Altmode Networks)
Announcement
[3/31/17 Update: A Revised Draft of SP 800-63-3 has been posted and is available for comment until May 1, 2017, whereas the other three parts below, 800-63A, B and C, conclude their comment periods on March 31. For additional information, see the Revised Draft posting and a TIG blog post.]
The Trusted Identities Group (TIG) is pleased to announce the Public Draft of Special Publication 800-63-3, Digital Identity Guidelines, available in four parts:
SP 800-63-3 Digital Identity Guidelines
SP 800-63A Enrollment & Identity Proofing Requirements
SP 800-63B Authentication & Lifecycle Management
SP 800-63C Federation & Assertions
This draft is a significant update to the current final version (SP 800-63-2), greatly impacting the techniques federal agencies can use to identity proof, authenticate individuals, and deploy identity solutions. The draft is available at https://pages.nist.gov/800-63-3 and in the PDF linked below. We encourage readers to provide comments during this open period. For maximum flexibility to our stakeholder community we are offering two methods to submit comments. The preferred method is to submit comments here: https://github.com/usnistgov/800-63-3/issues. We've included instructions at https://pages.nist.gov/800-63-3/comment_help.html to assist those that are new to this process.
For those unable to provide comments online, a comment matrix is provided below. Please note, all comments submitted via email will be transposed to our online comment page so that we can manage comments in a single place. We will include organizational attribution when we post the comment(s) online.
These guidelines provide technical requirements for Federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. They define technical requirements in each of the areas of identity proofing, registration, authenticators, management processes, authentication protocols and related assertions. This publication supersedes NIST SP 800-63-1 and SP 800-63-2.
These guidelines provide technical requirements for Federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover remote authentication of users (such as employees, contractors, or private...
See full abstract
These guidelines provide technical requirements for Federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. They define technical requirements in each of the areas of identity proofing, registration, authenticators, management processes, authentication protocols and related assertions. This publication supersedes NIST SP 800-63-1 and SP 800-63-2.
Hide full abstract
Keywords
authentication; authentication assurance; authenticator; assertions; credential service provider; digital authentication; digital credentials; identity proofing; passwords; PKI
Control Families
Access Control; Identification and Authentication
