Scalable IAL3 identity proofing for large identity programs

The NIST 800-63 Digital Identity Guidelines form an essential cornerstone of modern security, emphasizing extensive identity proofing and strong phishing-resistant authentication. By adhering to SP 800-63-4 organizations can meet federal compliance requirements while employing authentication methods that reduce fraud while improving user experience.

For a CSP to earn NIST 800-63A IAL3 , they must demonstrate they can validate any combination of 1 SUPERIOR and 2 STRONG evidence validation strengths against any piece of ID&V evidence submitted and verified - including physical or biometric comparison.

What is NIST IAL3 verification?

NIST has established Identity Verification Level 3 as their highest identity proofing level, for use by organizations who need the utmost confidence that an individual's claimed ID corresponds with their actual identity - such as government agencies, odometer disclosures or those needing access to sensitive business applications. While lower ID Verification levels allow self-asserted information, IAL3 requires human attendance either co-located with or via CSP kiosk/device for proof.

Though NIST's IAL, AAL, and FAL remain present in SP 800-63-4, they have been modified to address modern security requirements. This includes increasing validation strength requirements, integrating cryptographic binding in federated transactions, and supporting remote ID&V through user-controlled devices. Our NIST IAL3 verification solution, Trust Swiftly can assist in meeting these standards by offering chat, video, facial recognition with liveness detection capability, document authentication services, step-up reproofing based on risk and step-up reproofing on risk - providing regular user verification capabilities while keeping organizations secure against sophisticated fraud techniques.

What is NIST IAL3 identity proofing?

NIST defines identity proofing and verification as the practice of verifying whether a person's claimed digital identity corresponds with their real-world identity. They have defined three levels of assurance that companies can choose depending on their risk tolerance for each service: IAL (Identity Assurance Level), AAL (Authentication Assurance Level), and FAL (Federated Authentication Level).

IAL1 requires minimal proofing, with enrollment codes sent directly to their verified addresses. IAL2 involves moderate verification such as remote or in-person checks of identity evidence and biometric comparison. Finally, IAL3 identity proofing involves superior strength verification which may include face to face interactions or secure video chat sessions as direct oversight methods.

NIST 800-63A IAL3 details the differences among IAL, AAL and FAL and makes clear there is no single solution that meets these standards; its mandate to deprecate email OTP and significantly downgrade SMS-based MFA methods as well as mandate for phishing-resistant mechanisms like FIDO2 demonstrate this fact.

What is NIST IAL3 compliant solution?

NIST has set forth stringent requirements for verifying an individual's claimed identity through its IAL3 requirements, which require a rigorous face-to-face process of identity verification including in-person verification, real-time document validation and biometric comparison. These stringent standards can help companies prevent interview fraud when hiring new staff or allow visitors to secure facilities.

Authentication and identity proofing are essential components for building trust among digital identities, improving user experience, and strengthening security. NIST's SP 800-63-3 guidelines have recently been revised for modern security requirements to provide extensive identity proofing measures, phishing-resistant authentication practices, and safe federated identity practices that ensure user trust in digital identities.

NIST defines Identity Assurance Levels (IALs) to represent the confidence with which verified assertions relate to real identities. While IAL1 allows self-asserted attributes, IAL2 demands additional evidence for stronger verification; and finally IAL3 represents the highest degree of rigor that should be reserved for sensitive applications like government, healthcare, and financial transactions.

What is Trust Swiftly’s NIST IAL3 solution?

The National Institute of Standards and Technology's digital identity guidelines offer a framework for identity verification, authentication, and federated identity management. Their assurance levels indicate the degree of certainty with which claimed identities correspond to real world identities, from self-asserted up to in-person verification (IAL1).

Trust Swiftly IAL3 compliant solution was created to meet the security requirements set out by NIST 800-63A IAL3 and utilizes document authentication and biometric verification techniques in order to protect relying parties against impersonation and fraud. Document verification can be accomplished using Mitek AI technology that compares live images of individuals against identity documents submitted for authentication; biometric verification involves collecting two distinct physical attributes of individuals such as facial recognition or voice capture for comparison.

Participants of IAL3 will be required to visit a secure kiosk in the US and record themselves speaking and recording their face, speech and fingers for evaluation by an expert security team using an established grading system.