Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-63-3 (Draft)

Digital Identity Guidelines

Date Published: January 2017
Comments Due: March 31, 2017 (public comment period is CLOSED)
Email Questions to:

Supersedes: SP 800-63-3 (05/08/2016)


Paul Grassi (NIST), Michael Garcia (NIST), James Fenton (Altmode Networks)


[3/31/17 Update: A Revised Draft of SP 800-63-3 has been posted and is available for comment until May 1, 2017, whereas the other three parts below, 800-63A, B and C, conclude their comment periods on March 31. For additional information, see the Revised Draft posting and a TIG blog post.]

The Trusted Identities Group (TIG) is pleased to announce the Public Draft of Special Publication 800-63-3, Digital Identity Guidelines, available in four parts:

SP 800-63-3  Digital Identity Guidelines
SP 800-63A   Enrollment & Identity Proofing Requirements
SP 800-63B   Authentication & Lifecycle Management
SP 800-63C   Federation & Assertions

This draft is a significant update to the current final version (SP 800-63-2), greatly impacting the techniques federal agencies can use to identity proof, authenticate individuals, and deploy identity solutions. The draft is available at and in the PDF linked below. We encourage readers to provide comments during this open period. For maximum flexibility to our stakeholder community we are offering two methods to submit comments. The preferred method is to submit comments here: We've included instructions at to assist those that are new to this process. 

For those unable to provide comments online, a comment matrix is provided below. Please note, all comments submitted via email will be transposed to our online comment page so that we can manage comments in a single place. We will include organizational attribution when we post the comment(s) online.



authentication; authentication assurance; authenticator; assertions; credential service provider; digital authentication; digital credentials; identity proofing; passwords; PKI
Control Families

Identification and Authentication; Access Control