Change Log

This appendix is informative.

This appendix provides a high-level overview of the changes made to SP 800-63A since its initial release.

• Separates global requirements from IAL-specific requirements to facilitate the design of identity services, regardless of assurance level
• Reorganizes the sections to introduce general identity proofing requirements before providing specific requirements
• Introduces the concept of core attributes
• Decouples the collection of identity attributes from the collection of identity evidence
• Introduces fraud management guidance and requirements
• Provides guidance and requirements for digital injection prevention and forged media detection
• Adds requirements for CSP-specific privacy risk assessments and considerations for integrating the results into agency assessment processes
• Expands acceptable evidence and attribute validation sources to include credible sources
• Introduces exception handling concepts and requirements, including requirements for the use of trusted referees and applicant references
• Provides requirements for lower-risk applications through an updated IAL1
• Adjusts evidence collection requirements for IALs 1 and 2
• Provides non-biometric options for identity verification at IALs 1 and 2
• Adds new guidance and requirements for subscriber accounts