NIST SPECIAL PUBLICATION 800-63-3 IMPLEMENTATION RESOURCES
July 1, 2020
This publication is available free of charge from:
Digital Identity Guidelines: Implementation Resources
NIST Special Publication 800-63-3, Digital Identity Guidelines, is an umbrella
publication that introduces the digital identity model described in the SP 800-63-3
document suite. It frames identity guidelines in three major areas:
• Enrollment and identity proofing (SP 800-63A)
• Authentication and lifecycle management (SP 800-63B)
• Federation and assertions (SP 800-63C)
In addition to introducing the detailed guidelines in these areas, SP 800-63-3 addresses
the factors involved in choosing the appropriate Identity Assurance Level (IAL),
Authentication Assurance Level (AAL), and Federation Assurance Level (FAL) for a
given application.
These implementation resources are provided pursuant to OMB memorandum M-19-17. While
these resources reference normative guidelines in the SP 800-63-3 document suite and
other documents, they are intended as informative implementation guidance and are not
normative. The resources provide guidance for SP 800-63-3 in three parts: Part A
addresses SP 800-63A, Part B addresses SP 800-63B, and Part C addresses SP 800-63C.
Section numbers given in parentheses in each part refer to the SP 800-63-3 volume
corresponding to that part.
Comments on these guidelines are welcomed and can be submitted via email to digcomments@.
Table of Contents
A.1 Introduction .... 1
A.2 Identity Proofing Process Documentation .... 2
A.3 Identity Resolution and Evidence Collection .... 4
A.4 Identity Validation .... 10
A.5 Identity Verification .... 15
A.6 Enrollment Codes .... 18
A.7 Biometrics Collection .... 19
A.8 Supervised Remote Identity Proofing .... 20
A.9 Use of Trusted Referees .... 22
A.10 IAL2 Remote Identity Proofing .... 23
B.1 Introduction .... 30
B.2 Terminology .... 31
B.3 Authenticator Assurance Levels .... 33
B.4 Authenticators and Verifiers .... 36
B.5 Authenticator Lifecycle Management .... 53
B.6 Session Management .... 57
C.1 Introduction .... 59
C.2 Choosing Security Parameters .... 60
C.3 Guidance for Relying Parties .... 65
C.4 Guidance for Identity Providers .... 70
C.5 Example Scenarios .... 74
C.6 Educational Resources .... 78
List of Tables
Table A-3-1 Digital Collection Methods .... 6
Table A-3-2 Notional Strength of Evidence .... 8
Table A-4-1 Security Features .... 11
Table A-5-1 Verification Methods and Strengths .... 15
Table B-4-1 General Authenticator Requirements (1) .... 46
Table B-4-2 General Authenticator Requirements (2) .... 46
List of Figures
Fig. 1 Individual Identity Proofing Journey
A.1 Introduction
NIST Special Publication 800-63A, Enrollment and Identity Proofing, provides detailed
requirements and controls for the enrollment and identity proofing of individuals
into digital identity systems. These resources provide informational guidance for the
implementation of the services, controls and requirements presented in SP 800-63A. These
implementation resources should be read alongside SP 800-63A.
A.1.1 Identity Proofing
Identity proofing is the process by which a Credential Service Provider (CSP) collects and
verifies information about a person for the purpose of issuing credentials to that person, as
illustrated in Figure 1.
Figure 1. Individual Identity Proofing Journey
These identity proofing processes and associated controls and requirements are presented
in NIST SP 800-63A in order to achieve the following processing objectives:
• Resolve a claimed identity to a single, unique identity within the context of the
population of users served by the CSP.
• Validate
– that all evidence that is supplied is valid (correct) and genuine (not counterfeit
or misappropriated); and
– that the claimed identity exists in the real world.
• Verify that the claimed identity is associated with the real person supplying the
identity evidence.