Resource Digital Identity Identity Proofing

NIST Digital Identity Guidelines: Special Publication 800-63, Revision 4

Federal guidelines for digital identity services, outlining technical and procedural requirements for identity proofing, authentication, and federation.

Organization: National Institute of Standards and Technology (NIST)

Authors: David Temoshok, Diana Proud-Madruga, Yee-Yin Choong, Ryan Galluzzo, Sarbari Gupta, Connie LaSalle, Naomi Lefkovitz, Andrew Regenscheid

Published Year: 2025

View Source

Download Resource

Published in August 2025 by the National Institute of Standards and Technology (NIST), this document updates the Digital Identity Guidelines, replacing version 800-63-3.

It defines three core assurance levels—Identity Assurance Level (IAL), Authentication Assurance Level (AAL), and Federation Assurance Level (FAL)—to help federal agencies assess and implement secure, privacy-respecting identity systems. The guidelines emphasize risk-based approaches, privacy-enhancing technologies, and interoperable authentication methods, ensuring trustworthy digital interactions across government services.

Key changes include:

• Updates to context setting for risk management, reframed risk management processes, and new expectations for greater cross-functional engagement.
• New recommended continuous evaluation metrics.
• Expanded fraud requirements and recommendations for identity proofing processes.
• Restructured identity proofing controls to better define roles and types of identity proofing.
• Added controls for addressing injection attacks and forged media (e.g., “deep fakes”).
• Integration of syncable authenticators (e.g., synced passkeys).
• Representation of subscriber-controlled wallets in the federation model.