The new guidelines promote enhanced risk management, stronger multi-factor authentication methods, and aligning identity processes with modern usability expectations. Furthermore, they advocate strongly for phishing-resistant authenticators and subscriber controlled wallets.
The guidelines provide an assurance level hierarchy encompassing identity verification (IAL), authentication (AAL) and federated authentication (FAL), with their requirements listed in a table below.
What is NIST IAL3 verification?
Identity proofing at the IAL3 level requires advanced security measures to verify the information associated with an individual’s ID is true and correct, such as multi-factor checks, real-time document validation and biometric comparison. Such stringency may help safeguard sensitive data or healthcare services against fraudulent access or manipulation.
NIST has developed Identity Assurance Levels (IALs), which measure how likely it is that an identity claimed matches its actual counterpart in real life. IAL3 represents the highest assurance level, demanding additional measures be taken in linking claimed identities with real world ones.
NIST 800-63A IAL3 includes an Identification and Validation methodology which maps evidence binding strength with levels of NIST IAL3 verification. The table below depicts this mapping between these verification methods and evidence validation strengths.
What is IAL3 identity proofing?
NIST Special Publication NIST 800-63A IAL3 outlines the IAL3 identity proofing level as the highest degree of confidence that claimed digital identities match corresponding physical identities. To attain this level requires in-person or remote interaction with an authenticator service provider (CSP), including visual inspection of an applicant’s face and fingerprints to ensure liveness; chain-of-custody and anti-spoofing protections to limit malicious actors attempting attacks such as SIM swapping, MFA bypasses, or fraudster attacks against identities claimed digital.
Trust Swiftly is an identity verification solution that helps organizations meet IAL3 compliance by employing chat, video, facial recognition with liveness detection and document authentication. Furthermore, its step-up reproofing based on risk provides continuous identity assurance beyond single point-in-time checks in line with NIST guidelines for continuous identity assurance – offering more secure user experiences while meeting business and security objectives simultaneously by eliminating password-based authentication methods.
What is IAL3 compliant solution?
Digital identity verification has become an essential tool to protect against fraud and phishing attacks as well as meet stringent regulatory requirements. To facilitate digital ID verification processes, NIST established three assurance levels (IALs). With IAL3 being the highest level of confidence required in verifying a real person.
IAL3 requirements call for an in-person attended session during which at least one biometric characteristic must be linked with an identity credential. An agent must interact with enrollee during on-site attendent identity proofing to prevent social engineering attempts such as realistic silicone masks.
Trust Swiftly easy-to-deploy IAL3 compliant solution enables you to easily meet its requirements. By customizing kiosks or deploying our turnkey kits with an app or single browser page that launches an IAL3 proofing session, users can safely capture and verify faces, documents and evidence using advanced liveness detection and cross-verification technologies (face, dual iris, fingerprint). Biometric binding prevents SIM swaps or MFA bypass.
How does Trust Swiftly help you achieve NIST IAL3 compliance?
The NIST Digital Identity Guidelines offer a holistic model for safeguarding an online identity through various levels of assurance. Unlike passwords, these assurance levels apply throughout its lifecycle from onboarding through authentication and federated identity management.
Assertions are cryptographically signed digital statements issued by a trusted identity provider that verify that a user’s digital identity corresponds with his real-world identity, as well as that his authentication met certain Authentication Assurance Levels (AALs). They can be exchanged using established technical protocols.
Trust Swiftly’s comprehensive identity verification solution, HYPR Affirm, not only meets IAL2 requirements but can also assist in meeting IAL3 compliance by performing an on-site interaction between chat, video and facial recognition with liveness detection on locked-down devices. Furthermore, step-up reproofing based on risk helps ensure continuous identity assurance beyond one point in time, significantly reducing attack surface area and creating more resilient digital identity ecosystem.
