That's not entirely correct. The main purpose is how US federal agencies handle stuff such as digital identities, this includes all digital identities - employees and citizens/other. Private institutions can use it as guidance for whatever purpose.
You can find this information in the abstract of revisions https://pages.nist.gov/800-63-3/sp800-63-3.html