Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-63B

Digital Identity Guidelines: Authentication and Lifecycle Management

Date Published: June 2017 (includes updates as of 03-02-2020)

Supersedes: SP 800-63B (12/01/2017)

Planning Note (04/22/2024):

A new supplement to this report is available: NIST SP 800-63Bsup1, Incorporating Syncable Authenticators into NIST SP 800-63B. This includes guidance on the use of passkeys.


Paul Grassi (NIST), Elaine Newton (NIST), James Fenton (Altmode Networks), Ray Perlner (NIST), Andrew Regenscheid (NIST), William Burr (Dakota Consulting), Justin Richer (Bespoke Engineering), Naomi Lefkovitz (NIST), Jamie Danker (DHS), Yee-Yin Choong (NIST), Kristen Greene (NIST), Mary Theofanos (NIST)



authentication; federation;  ; credential service provider;  ; digital authentication;  ; digital credentials;  ; electronic authentication;  ; electronic credentials
Control Families

None selected


Download URL

Supplemental Material:
None available

Publication Parts:
SP 800-63-3
SP 800-63A
SP 800-63B
SP 800-63C

Related NIST Publications:
SP 800-63-4 (Draft)

Document History:
03/02/20: SP 800-63B (Final)


Security and Privacy