Here is the honest situation. The NIST SP 800-63 Digital Identity Guidelines define how to establish and use digital identity across three components: identity proofing (IAL), authentication (AAL) and federation (FAL). They require selecting assurance levels from a risk assessment, proofing identities, issuing and managing authenticators including multi-factor and phishing-resistant methods, modern password guidance, secure sessions, secure federation, privacy, usability and fraud mitigation. An organization picking authentication without assurance levels is exactly where organizations fall short.
This Kit removes the guesswork. It is the NIST SP 800-63 Digital Identity Guidelines written as adopt-ready controls you personalize in a weekend, with the evidence an assessor examines.
What you get, the moment you buy
Grounded in the NIST SP 800-63 Digital Identity Guidelines. Editable Word and Excel files.
What one control looks like
This is the opening control, where the program begins. All 18 are built to this depth.
Why this is not another template pack
- The evidence is the point. A requirement you cannot evidence is a gap waiting to be found. This tells you what an assessor examines and where organizations fall short, for every requirement.
- The specifics built in. The component's distinctive requirements are written into the controls, not left generic.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. This work shares its shape with related security and safety frameworks, so it feeds your wider program.
Who buys this
Identity, security and product teams running identity proofing, authentication and federation. Whether it is a first assurance baseline or an authentication uplift, you save weeks and walk in with your IAL, AAL and FAL, authenticator and federation controls structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Does it cover modern password guidance? Yes. Long passphrases, breach screening and avoiding forced rotation are built as a control.
Does it cover MFA and phishing resistance? Yes. Meeting the authenticator assurance level, including phishing-resistant MFA where required, is built as a control.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com