Date Published: April 9, 2015
Comments Due: May 22, 2015 (public comment period is CLOSED)
Email Questions to: eauth-comment@nist.gov
Planning Note (5/8/2016):
Comments received on SP 800-63-2 have been considered while planning the Public Preview phase of SP 800-63-3 development. Learn more about the Trusted Identities Group's (TIG) digital identity projects.
Summary
NIST requests comments on SP 800-63-2, Electronic Authentication Guideline. This document describes the technical requirements necessary to meet the four Levels of Assurance (LOA) that are specified in the Office of Management and Budget (OMB) memorandum M-04-04, E-Authentication Guidance for Federal Agencies.
Background
In 2004, NIST published the initial version of Special Publication (SP) 800-63, Electronic Authentication Guideline. Since then, two revisions have been published, the latest of which, SP 800-63-2, was published in August 2013. NIST is considering a significant update to SP 800-63-2 in response to market innovation, evolving federal requirements, and an advanced threat landscape targeting remote authentication.
Several recent developments suggest the need for a possible revision at this time:
NIST is soliciting public feedback on this Special Publication to identify areas that industry and government deem most significant for revision. We will review all public comments and make them available on the Computer Security Resource Center (CSRC) website.
Note to Reviewers
To facilitate this review, we have compiled a number of topics of interest to which we would like reviewers to respond. While we would like reviewers to respond to as many of these as they wish, it is not necessary to answer all of them. Furthermore, reviewers should feel free to suggest other areas of revision or enhancement to the document. Recommendations for revisions that are not within the scope of SP 800-63 may be considered; however NIST cannot ensure the recommendations will be included in a potential update.
None selected
Publication:
Comments received on SP 800-63-2
Supplemental Material:
None available
Document History:
04/09/15: SP 800-63-3 (Draft)
05/08/16: SP 800-63-3 (Draft)
01/30/17: SP 800-63-3 (Draft)
03/31/17: SP 800-63-3 (Draft)
06/22/17: SP 800-63-3
Security and Privacy
authentication