U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-63-3 (Draft)

Digital Identity Guidelines

Date Published: January 2017
Comments Due: March 31, 2017 (public comment period is CLOSED)
Email Questions to: dig-comments@nist.gov

Supersedes: SP 800-63-3 (05/08/2016)


Paul Grassi (NIST), Michael Garcia (NIST), James Fenton (Altmode Networks)


[3/31/17 Update: A Revised Draft of SP 800-63-3 has been posted and is available for comment until May 1, 2017, whereas the other three parts below, 800-63A, B and C, conclude their comment periods on March 31. For additional information, see the Revised Draft posting and a TIG blog post.]

The Trusted Identities Group (TIG) is pleased to announce the Public Draft of Special Publication 800-63-3, Digital Identity Guidelines, available in four parts:

SP 800-63-3  Digital Identity Guidelines
SP 800-63A   Enrollment & Identity Proofing Requirements
SP 800-63B   Authentication & Lifecycle Management
SP 800-63C   Federation & Assertions

This draft is a significant update to the current final version (SP 800-63-2), greatly impacting the techniques federal agencies can use to identity proof, authenticate individuals, and deploy identity solutions. The draft is available at https://pages.nist.gov/800-63-3 and in the PDF linked below. We encourage readers to provide comments during this open period. For maximum flexibility to our stakeholder community we are offering two methods to submit comments. The preferred method is to submit comments here:  https://github.com/usnistgov/800-63-3/issues. We've included instructions at https://pages.nist.gov/800-63-3/comment_help.html to assist those that are new to this process. 

For those unable to provide comments online, a comment matrix is provided below. Please note, all comments submitted via email will be transposed to our online comment page so that we can manage comments in a single place. We will include organizational attribution when we post the comment(s) online.



authentication; authentication assurance; authenticator; assertions; credential service provider; digital authentication; digital credentials; identity proofing; passwords; PKI
Control Families

Identification and Authentication; Access Control