During the processing of public comments, the SP 800-63-4 editorial team will be reviewing incoming comments on the document suite. This page exists to catalog major and common issues that the team is aware of and will be addressed by the final version of the guidelines.
In section 5.3.3. Evidence and Core Attributes Validation Requirements, we note that there is a requirement that states: βthe CSP SHALL validate the genuineness of each piece of FAIR evidence by visual inspection by trained personnel.β As written, this requirement inadvertently mandates that fair evidence must be physical and that an attended scenario is required to visually inspect the evidence. This is inadvertent. The intent is to allow for validation of fair evidence which may be physical or digital and to support both attended and unattended use cases. This requirement will be modified to make that clear.
In section 4.3.3.3 Superior Evidence Requirements, there is a requirement that states β7. The evidence includes physical security features that make it difficult to copy or reproduce.β As written, this appears to exclude digital evidence which may not have specific physical security features. This is unintended. The requirement will be updated to reflect physical security features as being specific requirements for physical evidence.