The National Institute of Standards and Technology 800-63A IAL3 Digital Identity Guidelines remain an integral component of modern security, emphasizing identity proofing and strong authentication that resists phishing attacks. They also advocate for hardware-backed authenticators and secure federation.
Selecting an effective solution that meets these requirements will enable your organization to reduce cyber liability and operational costs, and TrustSwiftly provides a remote yet supervised IAL3 verification process with document validation, biometric comparisons with liveness detection and high pixel counts for combatting spoofing threats as well as secure connections.
High-Assurance Proofing
NIST Identity Assurance Levels (IALs) offer businesses a framework for verifying digital identities of people, helping to reduce fraud and meet regulatory compliance requirements such as KYC.
The International Applicant Laboratory standards call for increasing verification rigor to verify online identity claims of people claiming they are who they say they are online. At the IAL1 level, no verification at all is needed while at IAL2, in-person or remote identity proofing must take place; at IAL3, an authentication method such as FIDO Passkeys must also be utilized so as not to compromise authentication processes.
NIST 800-63A IAL3 marked an important shift away from checklist-based requirements towards risk-based Digital Identity Risk Management (DIRM). Under this framework, organizations are expected to regularly evaluate threats, service impacts and user populations to select an IAL, AAL and FAL that meets each organization's individual requirements and promotes phishing-resistant authentication methods while meeting minimum requirements for FIDO Passkeys that support dual iris verification and face recognition.
Cost-Effective Verification
DIY build lists exist for IAL3, but these methods fall short of meeting NIST requirements due to the lack of hardware-controlled environments necessary for producing unalterable digital evidence. Furthermore, such methods require supply chain management, configuration auditing and physical security auditing which most teams don't have time or interest in conducting.
TrustSwiftly's IAL3 proofing process uses a remote yet supervised session with a live agent and provides the "someone watching" aspect mandated by NIST. This enables higher-fidelity evidence capture such as reading directly from an ePassport NFC chip; combined with high-quality biometric matching it forms strong proof against impersonation and fraud.
TrustSwiftly's FedRAMP High and NIST IAL3 verification methods enable organizations to enhance authentication journeys using chat, video, facial recognition with liveness detection, document verification and step-up reproofing based on risk - all while cutting operational costs, improving customer experiences and decreasing cyber liability insurance premiums.
Defensible Proofing
NIST publishes publications defining standards across many areas, ranging from plumbing pressure-loss measurements to viscosity of chemical elements. One such publication is NIST 800-63 Digital Identity Guidelines which serve as a checklist for verifying people against fake identities and phishing attacks.
The NIST 800-63 guidelines establish levels of assurance to help establish confidence in an online identity, from low trust levels all the way up to full authentication and verification. But it's important to remember that these levels shouldn't be chosen on an arbitrary basis: rather, their selection should depend on business risk rather than technology considerations.
FAL2 requires CSPs to conduct facial comparisons between enrollee biometrics and facial images in evidence in order to confirm liveness, as well as visually inspect other proofs for signs of spoofing or fraud. However, remote IAL3 identity proofing allows CSPs to achieve these same verification standards without an onsite physical presence limiting who they can serve.
Scalable Verification
Digital identity guidelines like NIST 800-63A IAL3 remain at the core of modern security, emphasizing comprehensive ID proofing and phishing-resistant authentication methods such as FIDO passkeys. Furthermore, these regulations promote secure federated identity practices while advocating for hardware-backed authenticators.
Accomplishing IAL3 verification can be costly and logistically complex, so Trust Swiftly's remote IAL3 compliant solution offers a cost-cutting and risk mitigating alternative that also meets compliance requirements at once. Combining document authentication, biometric comparison with liveness detection technology and stringent chain of custody measures it helps minimize impersonation fraud risk and fraud risk significantly.
To provide a high assurance level, the verification process must verify that claimed identities match real identities in the real world by comparing biometric features against identity evidence such as selfies or photo IDs. It should also detect malicious attributes and aliases while protecting against leakage by using an approach which is both scalable and protects against attacks that leverage information gathered during enrollment.