Change Log
This appendix is informative.
This appendix provides a high-level overview of the changes to SP 800-63A since its initial release.
- Reorganizes the sections to introduce general identity proofing requirements before providing specific requirements
- Separates global requirements from IAL-specific requirements to facilitate the design of identity services, regardless of assurance level
- Provides requirements for lower-risk applications, through an updated IAL1
- Introduces fraud mitigation guidance and requirements
- Adds requirements for CSP-specific privacy and equity risk assessments and considerations for integrating the results into agency assessment processes
- Introduces the concept of core attributes
- Decouples the collection of identity attributes from the collection of identity evidence
- Adjusts evidence collection requirements for IALs 1 and 2
- Expands acceptable evidence and attribute validation sources to include credible sources
- Provides non-biometric options for identity verification at IALs 1 and 2
- Adds new guidance and requirements for subscriber accounts
- Adds new guidance and requirements for the consideration of equity risks associated with identity proofing processes
- Introduces exception handling concepts and requirements, including requirements for the use of trusted referees and applicant references