• a NIST blog Today is the day! • Digital Identity Guidelines, Revision 4 is finally here…it’s been an exciting journey and NIST is honored to be a part of it. • Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. • The guidelines presented in Revision 4 explain the process and technical requirements for meeting digital identity assurance levels for identity proofing, authentication, and federation-including requirements for security and privacy, as well as considerations for improved customer experience of digital identity solutions and technology. • The guidelines also establish identity management as a cross-functional process involving professionals representing cybersecurity, privacy, usability, program integrity, mission and business units, and other disciplines. • Identity risk management in Revision 4 has continued its evolution towards a “team sport” that can more effectively address the needs of the organization and the individuals it seeks to serve.
Article Summaries:
- NIST has released Revision 4 of its Digital Identity Guidelines (Special Publication 800‑63), following a nearly four‑year collaborative effort that included two public drafts and roughly 6,000 comments. The update expands on identity proofing, authentication, and federation, adding new requirements for security, privacy, and customer experience. It emphasizes cross‑functional identity management and treats risk management as a “team sport.” Key changes include revised password composition and rotation rules. NIST is already developing implementation resources, machine‑readable conformance criteria, and a Digital Identity Risk Management tool, while inviting further feedback via dig‑comments@nist.gov.
Sources: