800-63-3
Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines
The requirements for those facilitating a supervised remote proofing session at AAL3 should be clarified. In particular, the role of an "operator" and what, if any, local supervision is required...
-63B Section 6.1.2.1 says that the CSP SHOULD send a notification to the subscriber when a new authenticator is bound. This should probably be a SHALL at AAL3.
(Submitted by MITRE) In 800-63A Sections 4 and 5: The document does not address the scenarios where a credential is issued to an applicant whom the issuer knows personally. Where...
(Submitted by MITRE) In 800-63C Section 9.1 paragraph 1: "For example, a subscriber using the same IdP to authenticate to multiple RPs allows the IdP to build a profile of...
The Logic in the Selecting AAL document appears to be incorrect. Please review the "AAL1/AAL2" flow. Either the Yes/No boxes are reversed or the text above the Yes/No boxes is...
The validity period for enrollment codes delivered by postal mail (-63A section 4.4.1.6 item 5e) is different from the validity period for confirmation codes delivered by postal mail (-63B section...
This wrong word "**most**": `... to select the most appropriate authentication requirements for their digital service offering.` Should read "**minimum**" `... to select the minimum appropriate authentication requirements for their...
-63B section 5.1.1.2 discusses the use of Unicode in passwords, and says, "For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character."...
-63B Section 6.4 requires revocation of authenticators upon termination, and further requires surrender or destruction of hardware-based authenticators containing certified attributes. If a hardware-based authenticator is surrendered and destroyed or...
(From IRS) A couple things to think about as you consider what the clarification is: In reality, virtually no agency will perform KBV on a FAIR piece of evidence. KBV...