U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-63-3 (Draft)

Digital Identity Guidelines (Revised Draft)

Date Published: March 2017
Comments Due: May 1, 2017 (public comment period is CLOSED)
Email Questions to: dig-comments@nist.gov


Paul Grassi (NIST), Michael Garcia (NIST), James Fenton (Altmode Networks)


The Trusted Identities Group (TIG) has posted a Revised Draft of the parent document for Special Publication 800-63-3, Digital Identity Guidelines, whose comment period closes May 1, 2017. This extended comment period is for the parent volume only; not sections A, B, or C. (The original draft was posted from January 30 - March 31, 2017.)

A blog post provides additional details about this revised draft and the extended comment period.

The revised draft is available at https://pages.nist.gov/800-63-3 and in the PDF linked below. We encourage readers to provide comments during this open period. For maximum flexibility to our stakeholder community we are offering two methods to submit comments. The preferred method is to submit comments here:  https://github.com/usnistgov/800-63-3/issues. We've included instructions at https://pages.nist.gov/800-63-3/comment_help.html to assist those that are new to this process. 

For those unable to provide comments online, a comment matrix is provided below. Please note, all comments submitted via email will be transposed to our online comment page so that we can manage comments in a single place. We will include organizational attribution when we post the comment(s) online.



authentication; authentication assurance; authenticator; assertions; credential service provider; digital authentication; digital credentials; identity proofing; passwords; PKI
Control Families

Identification and Authentication; Access Control