Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Insights

a NIST blog

Many thanks for a successful 800-63-3 public preview!

September 20, 2016

By: Paul Grassi

A look back on the SP 800-63-3 public preview

As summer has flown by, you have kept us very busy reviewing your comments on GitHub to Special Publication (SP) 800-63-3 and engaged in a dialog about how this material can be enhanced to better support the public and private sectors. The response we’ve received to SP 800-63-3 – and this new approach – has been phenomenal and inspiring. And now, we’re excited to transition from the public preview period for draft NIST SP 800-63-3: Digital Authentication Guideline to the next critical phase – the 60-day public comment period. But before we do that, I’d like to explain what we learned this summer and where we are headed next…

Between May 8 and September 17, 2016 – our first foray into using GitHub to solicit and manage comments for a major document– there were at least 3,757 unique visitors to our GitHub repository, with contributors submitting 258 ‘issues’ (i.e. items for our review). The open-source nature of this approach allowed us to communicate directly with commenters, giving us a much better way of knowing whether we heard you. It also gave commenters the opportunity to review updates and tell us if we got it right. Our goal was to create a community-driven document, and we hope you agree that your thoughtful feedback substantially improved the document from its initial draft.

As of yesterday, we have temporarily stopped responding to issues posted on GitHub to prepare for the upcoming formal public comment phase. Anyone can view the document as it was yesterday. You can still open an issue—but please know that we will automatically close those issues and ask that you check the updated document when it is posted at the start of the public comment period. If you still see the issue, we ask you to please open it then.

What is coming next?

We’re aiming to release a new draft for public comment in mid-fall.

We’ll have full details upon release of the draft—and GitHub will remain the tool of choice during the public comment period—but we will also include a PDF version of the draft. In addition to submitting comments via GitHub, you will also have the option to submit comments to us via email. We always make comments publicly available, so our team will convert any comments that reach us via email to open GitHub ‘issues’ that everyone can see. This allows us to continue to be transparent about the issues that influence any changes we will ultimately make after the public comment period ends. It also encourages rich, ongoing dialogue—as anyone can discuss an open issue to help find the best possible resolution.

Thank you again for your contributions, support in this new approach, and willingness to be a part of this document’s evolution. We’re looking forward to keeping the discussion lively and impactful during the upcoming official public comment period this fall.

For those who want a deep dive into the latest draft, we’re planning a webinar at the beginning of the public comment period to answer any outstanding questions, and to give everyone an idea of what’s ahead for SP 800-63-3. Be sure to follow us on Twitter for future updates about the webinar including the date, registration details, and agenda.

Multi Factor Authentication and Publications

About the author

Paul Grassi

Paul Grassi was a Senior Standards and Technology Advisor at the National Institute of Standards and Technology (NIST). He joined NIST in June 2014 to advance and accelerate the development and adoption of identity authentication and authorization related standards and technologies needed to implement the identity ecosystem envisioned in the National Strategy for Trusted Identities in Cyberspace (NSTIC). Mr. Grassi has a broad background in technology and management consulting, and significant experience developing enterprise security strategies and systems, having served a range of Fortune 500 companies, as well as domestic and foreign governments. He is no longer at NIST, but continues to serve the identity community.

Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide

May 1, 2024

The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators

April 22, 2024

We all need supplements sometimes. Whether it’s a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly

Travel Update! The NIST CSF 2.0 is HERE…Along with Many Helpful Resources…

February 26, 2024

NIST CSF 2.0 QUICK LINKS | Explore our Full Suite of Resources: CSF 2.0 Quick Start Guides CSF 2.0 Profiles CSF 2.0 Informative References Cybersecurity &

Comments

How does one reach GitHub?

Hi Rich, The GitHub page is hyperlinked in the blog above; here it is for easy access: https://pages.nist.gov/800-63-3/. Thanks, NSTIC Office

Add new comment

Your name

CAPTCHA

What code is in the image? *

Enter the characters shown in the image.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.