IAL3 Identity Proofing Checklist for Compliance Teams

NIST 800-63 is an important document that details identity assurance levels and authentication requirements, and organizations that need to meet those requirements strive for compliance with it. HYPR solutions such as its FIDO-certified passwordless authentication service (HYPR Pass) or its comprehensive identity verification solution (HYPR Affirm) help organizations comply with this standard and achieve IAL3 status.
However, for distributed workforces, implementing the IAL3 requirement via on-site proofing sessions is impractical, and TrustSwiftly can help overcome these challenges. Read about how TrustSwiftly is making their lives easier!
IAL3 Compliant Solution
NIST’s Digital Identity Guidelines specify an identity assurance level called IAL3, which requires on-site physical proofing of applicants: trusted referees review identity documents and biometric attributes using locked devices in order to prevent socially engineered fakes from being produced. CSPs will find this level more costly to deploy.
Traditional in-person proofing processes can be expensive and inflexible for remote workforces, creating logistical nightmares, security risks and regulatory compliance bottlenecks. TrustSwiftly provides an easily deployable NIST IAL3 verification solution for FedRAMP High compliance that leverages chat, video, facial recognition with liveness detection, document authentication and step-up reproofing based on risk. It offers a seamless user experience while safeguarding against emerging threats and satisfying NIST and FedRAMP High assurance level requirements.
Reduced Risk of Fraud
NIST 800-63A IAL3 requires identity proofing processes that verify user claims against real individuals; the level of assurance reflects the strength of this validation. The latest version (NIST SP 800-63-4) retains three levels (IAL, AAL and FAL) while modernizing them to take account of modern security technologies: for instance, AALs now include anti-phishing measures such as FIDO passkeys as phishing-resistant methods, and IAL2 supports flexible remote identity proofing solutions.
Organizations can now select IAL3 identity proofing methods tailored specifically to their user population and service impacts, which gives them greater flexibility in choosing the methods that best match these needs. This results in reduced cyber liability insurance costs and more reliable password resets, bringing operational cost savings as well as decreased fraud from unauthorized access or identity theft. Furthermore, NIST 800-63A IAL3 marks an important shift from checklist-based requirements towards risk-based Digital Identity Risk Management (DIRM). The DIRM framework prioritizes stronger authentication protocols that are less vulnerable to social engineering attacks.
Increased Productivity
As part of each online transaction, federated identity systems actively verify the user's digital representation to meet predetermined Authentication Assurance Levels, making it harder for bad actors to impersonate legitimate users and commit fraud.
NIST 800-63A IAL3 offers a well-defined three-part model to outline the lifecycle of verified digital identities. In step one, Identity Proofing (IAL), CSPs verify whether an identified individual actually exists, to prevent fraudulent account creation or initial unauthorized access attempts.
In the second step, Authentication (AAL), AAL-compliant CSPs authenticate claimed identities at the desired assurance level using multiple AAL-compliant verification methods such as cryptographic tokens, smartcards or FIPS 140 validated security keys. Finally, Federation (FAL) allows a user to leverage their established digital identity to authenticate at multiple FAL-compliant relying parties without repeated authentication procedures, providing increased productivity and a better user experience while strengthening security.
Reduced Costs
Securely verifying identities remotely without the need for in-person attendance saves both time and money while simultaneously reducing the attack surface. Our comprehensive identity proofing solution, TrustSwiftly, provides a variety of methods (chat, video, facial recognition with liveness detection, document authentication and step-up reproofing according to risk) to securely achieve IAL2 and IAL3 identity levels.
NIST Special Publication 800-63-3 outlines three assurance levels for digital identity: identity verification (IAL), authentication and lifecycle management (AAL), and federation and assertions (FAL). Organizations may choose corresponding assurance levels across their touchpoints, opting either for lighter identity proofing combined with stronger authentication (IAL1) or vice versa, depending on security and efficiency goals.
NIST further defines a “trusted referee” as an agent of the CSP or third-party service that has been trained and vetted to make risk-based decisions about an applicant’s identity proofing case when their claimed identity conflicts with physical features or documents presented for identification purposes. For example, this could occur if their claimed identity doesn’t match up with any documents presented as ID evidence.

