Future-Ready Identity Proofing with NIST 800-63A IAL3

IAL3 is the highest identity assurance level available and should only be applied to applications that demand protection against sophisticated attacks. The process includes document and biometric validation as well as direct oversight from a certified CSP representative, in order to confirm that the person presenting a digital identity is the person it is claimed to belong to.
Trust Swiftly's turnkey kits make implementing an IAL3 process both cost-effective and secure on-site. Here's how.
What is IAL3?
NIST defines IAL3 as its highest level of assurance, requiring more rigor in both process and evidence. This level is usually reserved for applications that involve highly sensitive information, like healthcare access or financial services requiring maximum protection.
Unlike IAL1, where identity can be self-asserted, IAL3 requires verifying the real-world existence of digital identities through advanced documents and biometric matching. Furthermore, participants must attend, in person, an identity proofing session supervised by a trained CSP representative.
An on-site NIST IAL3 verification session typically culminates in enrollment into a subscriber account and the binding of one or more authenticators to it. This lets relying parties (RPs) protect themselves against stand-in fraud, because credentials are associated with an identity and cannot be used by someone else to gain entry. During verification, a unique identity record is assigned to every verified person, and authenticators are then bound to that unique record.
IAL3 Compliant Solution
As the highest level of identity assurance, IAL3 requires rigorous checks to verify that the person is indeed who they claim to be. This is essential in high-risk applications like healthcare or government services.
IAL3 can be achieved either with an in-person process akin to the physical security checks in federal offices, or remotely through enhanced processes like document verification and biometric comparison. Either approach provides added assurance against scaled and targeted attacks as well as evidence falsification or theft.
Trust Swiftly offers a turnkey IAL3 compliant solution. It ranges from kiosks with our app and a single browser page on Windows, Apple, or Android devices to mobile devices provided to agents during proofing sessions (for additional verifications such as device checks). Once an IAL3 identity proofing session has ended, Trust Swiftly securely binds the authenticator to the verified person so that no stand-in fraud occurs.
IAL3 Proofing Process
Trust Swiftly High requires your business to meet Identity Assurance Level 3, the highest identity assurance level available. This requires setting up an in-person proofing process which verifies that every individual with access is indeed who they say they are, an additional challenge many businesses must overcome in order to stay compliant.
Traditional solutions involve flying people in for proofing sessions that drain your budget and create logistical nightmares for your remote workforce. Furthermore, this approach poses significant security risks and compliance bottlenecks; anyone could easily socially engineer around this process.
Consider employing a kiosk attended by an agent. With this option, an agent can connect in real time during an IAL3 proofing session, using either our app or a no-code web page, to authenticate faces and evidence documents. This provides both cost savings and speedier deployment.
IAL3 Kiosks
NIST digital identity guidelines set a stringent standard for remote and online identity verification. By outlining specific levels of assurance (IAL, AAL and FAL), they provide information for informed risk decisions on consuming federated authentication assertions from third parties.
NIST 800-63A IAL3 is designed to address modern security threats by emphasizing extensive identity proofing and strong cryptographic authenticators, with particular focus on phishing-resistant multifactor authentication (MFA) as well as fully incorporating FIDO Passkeys into AAL2 and AAL3 federated authentication standards.