NIST SP 800-63 Digital Identity Guidelines
NIST SP 800-63-3 + 800-63A/B/C Digital Identity Guidelines (IAL/AAL/FAL assurance levels).
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Authentication - AAL1 + AAL2
| Code | Title |
|---|---|
| NISTSP63-5 | AAL1 and AAL2 Authentication: MFA, Approved Authenticators, Session Binding |
Authentication - AAL3
| Code | Title |
|---|---|
| NISTSP63-6 | AAL3 Authentication: Hardware Cryptographic, Verifier Impersonation Resistance, Phishing Resistance |
Cross-cutting: Threat Model, Lifecycle, Privacy, Equity
| Code | Title |
|---|---|
| NISTSP63-8 | Threat Model, Lifecycle Management, Privacy, Equity, Records, and Subscriber Communication |
Digital Identity Risk and Assurance Level Selection
| Code | Title |
|---|---|
| NISTSP63-1 | Digital Identity Risk Assessment and Assurance Level Selection (IAL, AAL, FAL) |
Federation - FAL1/2/3
| Code | Title |
|---|---|
| NISTSP63-7 | Federation - FAL1, FAL2, FAL3 Assertions, RP Validation, Trust Agreements |
Identity Proofing - IAL1
| Code | Title |
|---|---|
| NISTSP63-2 | IAL1 Self-Asserted Identity Proofing |
Identity Proofing - IAL2
| Code | Title |
|---|---|
| NISTSP63-3 | IAL2 Remote and In-Person Identity Proofing |
Identity Proofing - IAL3
| Code | Title |
|---|---|
| NISTSP63-4 | IAL3 In-Person and Supervised Remote Identity Proofing |
Maps to 2 other frameworks
Frequently Asked Questions
What is NIST SP 800-63 Digital Identity Guidelines?
NIST SP 800-63 Digital Identity Guidelines is a compliance framework from United States with 8 domains and 8 controls. NIST SP 800-63-3 + 800-63A/B/C Digital Identity Guidelines (IAL/AAL/FAL assurance levels). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NIST SP 800-63 Digital Identity Guidelines have?
NIST SP 800-63 Digital Identity Guidelines has 8 controls organised across 8 domains. The largest domains are Authentication - AAL1 + AAL2 (1 controls), Authentication - AAL3 (1 controls), Cross-cutting: Threat Model, Lifecycle, Privacy, Equity (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NIST SP 800-63 Digital Identity Guidelines map to?
NIST SP 800-63 Digital Identity Guidelines maps to 2 other compliance frameworks. The top mapping partners are eIDAS 2.0 - EU Digital Identity Regulation (38% coverage), EMV 3‑D Secure (3DS) - Payment Authentication Protocol (13% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NIST SP 800-63 Digital Identity Guidelines compliance?
Start your NIST SP 800-63 Digital Identity Guidelines compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-63 Digital Identity Guidelines requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required