
The NIST SP 800-63A IAL3 verification process strikes an ideal balance among security, privacy and usability. It involves identity proofing and enrollment processes provided by credential service providers (CSPs) that allow them to accurately identify individuals.
IAL3 verification requires direct observation and stringent checks, including document validation against authoritative sources and biometric comparison against the claimed digital identity to reduce impersonation or fraud, among other measures. TrustSwiftly offers a secure yet efficient IAL3 verification solution.
IAL3 Identity Proofing
Identity Proofing at Level Three is the highest identity assurance level defined by NIST and requires rigorous verification processes, such as direct observation during on-site attended identity proofing sessions, document validation against authoritative sources, and biometric comparison against claimed digital identities. This process helps reduce impersonation fraud and protects against SIM swaps and MFA bypasses.
TrustSwiftly’s passwordless authentication and NIST IAL3 verification solution helps regulated industries like healthcare or finance meet the IAL3 guidelines directly by offering document validation, liveness detection, biometric comparison, phishing resistance and cryptographic authentication features.
NIST 800-63A IAL3 guidelines have been updated with requirements that address modern security threats, including strong authentication such as FIDO Passkeys for levels IAL3 and higher. For more information, visit NIST’s website.
IAL3 Authentication
NIST 800-63A’s highest identity assurance level, known as IAL3, involves identity proofing in person or remotely under supervision, with rigorous document validation and biometric comparison. It binds two biometric modalities securely to each identity credential, making them highly resistant to SIM swaps and MFA bypass. Top IAL3 solutions use advanced liveness detection and face matching technologies to verify enrollee presence during IAL3 identity proofing sessions, cross-verify live images against identity documents, and securely bind unique biometric characteristics to credentials.
This level requires, among other things, that verifiers create mechanisms for addressing subscriber complaints and issues, so that their CSP or IdP responds swiftly and appropriately should any issues arise during authentication.
IAL3 Federation
The NIST 800-63A IAL3 guidelines introduce a novel model for assurance levels. They redefine “level of assurance” to offer more flexibility and granularity in identity management processes, and they introduce requirements for federated authentication and for managing identifiers. IALs (Identity Assurance Levels) and FALs (Federated Authentication Levels) quantify the confidence that can be placed in assertions made by CSPs about users.
At IAL1, no linkage between a digital identity and a real-world identity is necessary; attributes are self-asserted and remote verification may take place. At IAL2, however, higher-strength evidence and verification are required, as well as the physical presence of identity holders.
IAL3 is the highest level of assurance, required for high-risk transactions, and calls for the presentation of strong identity evidence such as a passport. Furthermore, live biometric capture must occur simultaneously with rigorous validation of the evidence provided, to guard against impersonation and other potentially damaging acts.
IAL3 Security
Identity assurance levels (IAL, AAL, and FAL) measure how confident an organization can be in a user’s identity claim. Accurate selection of an IAL is vital in protecting sensitive resources while building trust among stakeholders and adhering to compliance obligations.
NIST 800-63A IAL3 has recently adopted a revised framework, shifting away from checklist-based requirements towards risk-based Digital Identity Risk Management (DIRM). Organizations using this approach must evaluate threats, service impacts and user populations to select an IAL, AAL or FAL accordingly.
At its highest level, IAL3 requires either in-person verification or remote identity proofing, in which the applicant attends an on-site or remote session with an agent who collects multiple pieces of strong identity evidence, including biometric evidence. Leading IAL3-compliant solutions feature document authentication and face identification with liveness detection technologies to quickly verify identities for secure enrollment, with reduced cyber liability insurance premiums and lower operational costs due to fewer password resets.
