NIST Special Publication 800-63 is a set of security requirements designed to verify enrollment and identity proofing in digital authentication systems. The standards outlined within it fall under three levels of assurance.

Verification using IAL3 requires users to present evidence that proves their real-world identity, such as physical documents, biometric data or video footage.

Secure Authentication

Integrating NIST IAL3 verification capabilities into online authentication processes ensures sensitive employee and customer data remains safe while also improving user experience.

Traditional username and password combinations may serve as the initial form of identification followed by one-time codes sent via SMS/email and security questions with unique responses that cannot be easily predicted by an attacker.

Once enrollment has been completed, provide users with information regarding how they will receive their authenticator. This will reduce wait time so they can gain access to information systems and services more rapidly.

At this level of assurance, physical presence must either be present in person or remotely monitored and supervised. NIST FAL standards demand the strictest identity proofing standards, including biometric comparison against evidence such as an ID card or passport.

NIST 800-63A IAL3 Compliant

NIST 800-63A IAL3 modernizes digital identity through a modular framework that prioritizes Authentication Assurance Levels (AALs) according to transaction sensitivity. Compliance requires robust identity proofing and enrollment processes, including multi-factor authentication (MFA), hardware-backed authenticators, strong federation and strong identity platforms that enforce adaptive, context-aware verification for fraud and phishing attacks while providing seamless user experiences.

NIST 800-63A IAL3 is the highest level of identification assurance, requiring in-person and on-site attended identity proofing with verified biometrics for maximum confidence. This AAL is reserved for high-stakes transactions such as secure access to classified information or critical infrastructure; in such instances it requires superior-strength identity evidence with images stored or linked directly onto it as biometric proof that matches up. Verification should always take place under direct observation to avoid man-in-the-middle attacks or unauthorised remote comparisons.

IAL3 Proofing Kiosks

IAL3 Identity Proofing provides the highest level of proofing, providing robust protection from advanced fraud techniques. It requires physical interaction with a Customer Service Professional representative as well as collection of multiple biometric attributes during enrollment to reduce evidence falsification, theft and repudiation - methods commonly employed by fraudsters to gain access to sensitive data or gain control over privileged accounts.

NIST 800-63A IAL3 provides an updated identity verification framework that meets current fraud threats while offering flexibility in tailoring assurance levels to ongoing risk analyses. Officially recognizing remote identity proofing as pathways towards IAL2 and higher levels, deprecating OTP authentication via email, significantly downgrading SMS authentication and mandating multifactor authentication methods that resist phishing attacks are among its provisions. Our hardware-based managed IAL3 compliant solution makes meeting FedRAMP High compliance effortless, protecting against sophisticated fraud techniques while saving both time and money for your team. IAL3 kiosks come equipped with either native Windows, Apple or Android apps or can be accessed via a browser page for seamless rollout process.

IAL3 Remote Proofing

IAL3 is the highest level of identity assurance and requires in-person or remotely monitored proofing combined with stringent oversight to establish its validity. At this level, an identity claimed is connected directly with its possessor by using superior evidence such as government documents verified with authoritative sources or biometric comparison such as facial recognition.

At IAL3 level, extra stringency is needed to guard against impersonation and fraud that could lead to potentially costly damages for both RP, identity, and information. Financial services and healthcare industries tend to use IAL3 with strict security requirements, while TrustSwiftly allows organizations to provide onboarding experiences that provide high assurance authentication needed for IAL3 compliance and meet regulatory mandates through adaptive, risk-based onboarding that uses document validation, face verification, biometric binding to support AAL2-AAL3 compliance - creating self-sustaining security posture rather than checking boxes on paper!