NIST 800-63A IAL3 for compliance-driven organizations



Identity Assurance Levels (IALs) measure the degree to which an online identity corresponds with its real-world counterpart. They range from 1 (IAL1) to 3 (IAL3), with the higher levels requiring more stringent assurance, including in-person verification.

Recent revisions of 800-63-3 have prioritized stronger, phishing-resistant authentication protocols like FIDO Passkey over SMS OTPs and password-based methods such as AAL2. This shift has resulted in SMS OTPs being deprecated and in methods in AAL2 being downgraded.

IAL3 identity proofing

IAL3 identity proofing offers the highest assurance that a claimed identity matches a real-world identity. To achieve this, it requires on-site attended NIST IAL3 verification in the presence of a trained CSP representative, alongside rigorous evidence validation procedures. Furthermore, it mandates that CSPs compare live biometrics with those stored on primary authenticator devices to prevent spoofing attacks such as SIM swapping or MFA bypass.

The new guidelines allow more flexibility by enabling organizations to select assurance levels suited for their business risk, helping bridge the gap between security and business requirements. For instance, tier 1 credentials could be used for physical access while higher stakes transactions such as government services or financial transactions require higher tier credentials.

IAL3 requires submission of identity documents, such as passports, that must be verified against their issuing authority's databases and biometrically matched with the enrollee's biometrics. To meet these stringent standards, HYPR's IAL3 solution offers live chat, video streaming, facial recognition with liveness detection, document authentication services and support for risk-based step-up reproofing.

IAL3 compliance

The NIST 800-63A IAL3 Digital Identity Guidelines are essential for modern identity verification, promoting extensive identity proofing, phishing-resistant authentication, and secure federated identity practices. They help organizations meet compliance and security requirements while improving user experience and decreasing cybersecurity risk. In addition, these guidelines support identity systems that can securely connect multiple parties without requiring repeated authentication.

NIST provides three levels of assurance: Identity Assurance Level (IAL), Authentication Assurance Level (AAL) and Federated Assurance Level (FAL). AAL measures how effective an identity system's authentication process is. Most organizations opt for the one of these three assurance levels that best fits their business requirements.

IAL3 identity assurance is reserved for high-risk situations such as accessing sensitive healthcare data or conducting financial transactions. To meet its rigorous proofing processes and high level of confidence requirements, this level requires document validation and biometric verification, two areas where Mitek excels, with document verification and liveness detection combined in its solutions to ensure the person presenting an ID is who they claim to be.

IAL3 verification

IAL3 verification involves on-site attendance by a proofing agent and more stringent requirements for identity evidence validation. IAL3 helps guard against attacks such as fraud, repudiation and identity theft by restricting evidence falsification and demanding greater confidence in biometric matches. IAL3 should only be reserved for transactions that involve government services and financial transactions.

Revision 4 of NIST 800-63A IAL3 streamlines many aspects of identity proofing, making the standard simpler for organizations to adopt and implement. While keeping its three-part model (IAL, AAL and FAL), Revision 4 offers additional options to reach IAL2 assurance: remote unattended identity proofing, cryptographic binding in federated transactions, and relaxed hardware requirements for AAL3 assurance to promote adoption by commercial devices with increased security standards.

TrustSwiftly is an identity verification solution designed to assist organizations in meeting NIST 800-63-3 compliance and strengthening IALs using chat, video with liveness detection, document authentication and step-up reproofing based on risk. This allows organizations to align business and security objectives while cutting operational costs by eliminating password resets.

IAL3 solution

IAL3 is the highest level of identity assurance outlined by NIST guidelines, requiring on-site attended proofing by a trained representative to examine an applicant's face and evidence documents directly, along with rigorous biometric comparison that cannot be accomplished through remote proofing alone.


The IAL3 requirement aims to prevent more sophisticated attacks, including evidence falsification, theft, and repudiation. An IAL3-compliant solution is ideal for high-stakes use cases requiring maximum assurance levels, such as secure building access or financial transactions with regulatory oversight.

TrustSwiftly has the solution to meet these requirements with its NIST 800-63A IAL3 compliance software. This solution enables a CSP to deploy kiosks that require agent attendance during proofing, which lets the agent perform additional verifications outside the IAL3 scope, such as a device check. Deploying kiosks this way is far cheaper and faster than deploying full self-service kiosks, and it eliminates the need for security teams to become hardware logistics experts themselves.

 

 
