What NIST standard can a security architect reference for guidance on password compliance?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The National Institute of Standards and Technology (NIST) Special Publication 800-63, titled "Digital Identity Guidelines," is specifically designed to address identity proofing and authentication processes, including guidance on password requirements and compliance. This publication outlines best practices for managing credentials and ensuring secure authentication methods, covering the creation, management, and storage of passwords.

NIST 800-63 not only provides recommendations on the strength and complexity of passwords but also emphasizes the importance of usability and accessibility in authentication processes. It encourages the use of multifactor authentication and outlines a risk-based approach for implementing authentication processes, helping organizations comply with established security standards while ensuring user convenience.

In contrast, the other NIST publications mentioned focus on different aspects of security. For example, NIST 800-53 addresses broader security and privacy controls for information systems but does not specify password compliance guidelines directly. NIST 800-84 provides guidance on the testing and assessment of security systems, while NIST 800-207 provides guidance on zero trust architecture, which is a comprehensive strategy for securing network architecture rather than a set of specific password management practices.
