In August 2023 the Digital Identity Guidelines team hosted a two-day workshop to provide a public update on the status of revision 4. As part of that session, we committed to providing further information on the status of each volume going forward. In fulfillment of this commitment, we wanted to offer a quick update on where we stand.
Our goal remains to have the next version of each volume out by the Spring of 2024. With our gratitude for the robust and substantive engagement we received during the comment period, at this time we would like to announce that all four volumes of Special Publication 800-63-4 will have a second public comment period, which will last at least 45 days.
- NIST SP 800-63 Base Volume. We are making substantive changes to the volume including updating the digital identity model to account for “Issuer, Holder, Verifier” frameworks of digital identity, new content around continuous evaluation metrics, and updates to the digital identity risk management processes.
- NIST SP 800-63 A: Identity Proofing and Enrollment. We received over 1,500 comments on this volume alone. Based on this feedback, we are making updates to IAL1 to better balance user burden and security, modifying how we frame the different types of identity proofing, and providing an additional discussion of fraud detection and mitigation approaches.
- NIST SP 800-63B: Authentication and Lifecycle Management. Updates to this volume largely relate to NIST’s approach to synched authenticators (e.g., passkeys) and account recovery. We are also adding a new authenticator type to account for emerging credential types. While these changes are not overwhelming in their volume, they constitute changes of sufficient substance to warrant a second public review.
- NIST SP 800-63C: Federation and Assertions. We will be adding a new section to cover the presentation of Mobile Driving Licenses (mDLs) and verifiable credentials. This section will also provide basic security requirements for “digital wallets” that store and convey documents and identity information.
To get the full rundown from our August session, you can find the video feed and materials here: Digital Identity What’s Next for NIST? If you have questions or comments about the current Guidelines (Revision 3) or the draft volumes (Revision 4) you can send all inquiries to dig-comments [at] nist.gov (dig-comments[at]nist[dot]gov).
Happy holidays, and be on the lookout for additional updates in the new year (including updates to our Identity Management Roadmap)!
~The Digital Identity Guidelines Team