Enhancing identity security with NIST 800-63A IAL3 controls

IAL3 requires on-site, attended identity proofing with verified biometrics and stringent evidence validation. Because it is more resource-intensive than IAL2, it should be used only when necessary for high-stakes use cases.

An effective ID&V strategy must address all stages of the employee lifecycle. At HYPR, our solution combines chat, video, facial recognition with liveness detection, and document authentication to reach IAL2 and IAL3 assurance levels while supporting step-up reproofing based on risk.

NIST IAL3 verification

NIST (National Institute of Standards and Technology) publishes standards to promote cost-effective security and productivity of information in federal systems. Its Information Technology Laboratory (ITL) develops tests, test methods, reference data, proof-of-concept implementations and technical analyses in support of these efforts.

Identity Assurance Levels (IALs) measure confidence that an online identity matches a real-world identity. They range from self-asserted IAL1 to in-person verification at IAL3; remote authentication can achieve at least IAL2 using strong evidence such as ID documents or liveness tests.

NIST 800-63A IAL3 compliance requires secure enrollment processes that balance security, privacy and usability. Modern identity platforms using Zero Trust architecture are well suited to meeting these guidelines: they feature FIDO Certified passwordless authentication as well as hardware-backed authenticators such as PIV/CAC cards to meet AAL2 and IAL3 requirements. They also support continuous reassessment of user identities and device posture, strengthening NIST's "never trust, always verify" mandate.

IAL3 identity proofing

NIST digital identity guidelines are an indispensable element of modern security, emphasizing extensive identity proofing, phishing-resistant authentication methods like FIDO passkeys, and secure federated identity practices. Furthermore, SP 800-63-3 calls for cryptographic authentication as well as subscriber-controlled wallets so users can manage their own security.

IAL3 Identity Proofing offers the highest level of assurance by requiring in-person attended proofing with a verified representative. This service includes facial recognition with liveness detection, document validation and biometric verification of ID documents; additionally it features stringent chain-of-custody procedures, anti-spoofing protections and detailed auditing.

To select the appropriate assurance levels, start by identifying which risks need to be mitigated. For instance, high-risk use cases such as physical access control or benefits eligibility verification could require higher assurance levels. Next, select a solution that fulfills both business and security needs; for one that supports IAL2 with strong biometric binding, face, fingerprint and dual iris verification capabilities are desirable features.

IAL3 compliant solution

While the general framework of IAL, AAL, and FAL remains, these revisions indicate a shift towards stronger authentication protocols that are resistant to phishing attacks. Leading IAL3-compliant solutions incorporate document verification methods, facial recognition with liveness detection capabilities, and other advanced measures to verify identities in real life; additionally, they use multiple data sources for increased accuracy and improved user experiences.

Instead of relying on kiosks that require attendance by a CSP representative for identity proofing, these new processes enable remote or in-person identity verification. Once someone is successfully verified, they are added as a subscriber with one or more authenticators bound to their account.

Trust Swiftly can ensure the security of these processes by overseeing every aspect of IAL3 compliance, providing your security team and 3PAO auditor with a full report documenting that all IAL3 requirements were met, and securely storing raw biometrics or evidence for future auditing purposes.

TrustSwiftly IAL3

The NIST IAL3 verification process aims to limit highly scalable attacks involving evidence falsification, theft and repudiation. To work effectively, the process requires direct interaction between an identity proofing representative and the applicant at their physical location to conduct verification, an additional layer of security often necessary in regulated industries.

Trust Swiftly is a scalable and secure IAL3 solution that adheres to these standards, offering document authentication and biometric comparison with stringent oversight to reduce risks of impersonation and fraud. Self-service kiosks for secure locations are provided, as are customizable biometric checks such as facial recognition with liveness detection, fingerprint scanning and voice authentication.

Traditional IAL3 verifications involve in-person visits by an examiner, which can be both expensive and logistically challenging for businesses with distributed teams. A remote verification solution such as Trust Swiftly may save companies money while helping them comply with NIST 800-63A IAL3 requirements, safeguard against security breaches, and satisfy auditors.

Posted in Anything Goes - Other 1 day, 10 hours ago