
NIST Special Publication 800-63 provides guidance for organizations on how to verify identities and protect sensitive information in digital environments. It sets standards for online identity proofing services.
Meeting the requirements for IAL3 certification can be challenging for organizations. Traditional in-person verification processes are costly and time-consuming, and they are not suitable for remote workforces. Trust Swiftly’s hardware-based remote IAL3 solution helps organizations navigate around these potential pitfalls and deliver better services to employees.
IAL3 Compliant Solution
NIST 800-63A IAL3 requirements mandate that an individual be physically present to examine documents and capture biometrics. This process is costly, slow, and unscalable for remote workforces, creating significant security risks. Employing Trust Swiftly as an IAL3-compliant solution could save both money and time while safeguarding against sophisticated threats and upholding FedRAMP High compliance.
NIST’s IAL3 identity proofing guidelines (Section 63A) have introduced a modular framework that defines assurance levels across three categories: IAL, AAL and FAL. This new model emphasizes priority and risk-based Digital Identity Risk Management (DIRM), moving away from checklist-based requirements that do not consider impactful outcomes and the security posture of individual users.
Leading IAL3-compliant solutions such as Trust Swiftly help organizations meet the requirements of NIST 800-63A IAL3 by offering effective security methods that can withstand sophisticated attacks and reduce password vulnerability. The platform combines chat, video, facial recognition with liveness detection, and document authentication with risk-based step-up reproofing to provide a seamless user experience, meeting NIST 800-63-3 standards while minimizing its attack surface.
IAL3 Verification
IAL3 provides the highest level of identity assurance by connecting claimed identities to real individuals in real time. This method protects Registered Providers against fraud and impersonation while simultaneously eliminating email OTPs and SMS-based authentication methods, which are more susceptible to sophisticated attacks.
IAL3 involves an identity proofing session conducted either onsite with an experienced CSP representative or remotely via supervision. Upon successful identity proofing, the CSP will enroll the applicant into their own subscriber account and assign one or more authenticators to them.
The NIST IAL3 verification process encompasses document authentication and biometrics. Mitek uses special cameras with live images of subjects to compare against photos found in identity documents. This enables Mitek’s system to identify multiple red flags such as forgery or presentation attacks, and to reject any synthetic ID using advanced techniques like multispectral UV light analysis or comparison against trusted lists of known ID forgeries.
IAL3 Kiosks
The IAL3 process entails in-person interactions between an Identity Proofing representative and applicants at actual physical locations in order to validate their claimed identities. This helps limit highly scalable attacks that exploit false evidence, theft and repudiation.
At this level, assurance requires an elevated degree of rigor and more stringent identity proofing processes than those used at earlier levels. This provides more confidence that individuals are who they claim to be while mitigating threats such as phishing.
IAL3 requires on-site attended identity proofing (to include remote supervision). This restricts who can participate, which has led to it not being widely adopted by businesses. However, with solutions such as Trust Swiftly that enable companies to meet NIST 800-63A requirements while taking advantage of modern user experiences, it may become more popular. It may also help organizations reduce attack surfaces by decreasing password resets and cyber liability insurance premiums.
IAL3 Managed Services
At IAL3, an additional and stronger level of identity proofing, typically biometrics, must be provided to verify a user as being who they say they are. This advanced identity verification approach should only be applied for high-risk applications like access to cloud systems or critical infrastructure.
Traditionally, IAL3 could only be achieved via an expensive and time-consuming in-person session with a trainer. However, this model is often impractical for organizations that use remote-first employees: flying employees across the country for 15-minute IAL3 sessions could create logistical headaches while draining budgets and slowing onboarding processes.
Trust Swiftly’s HYPR Affirm identity verification solution enables businesses to meet IAL3 compliance easily. It includes chat, video, facial recognition with liveness detection, document authentication and authenticator tethering services. Tethering securely ties authenticators like YubiKey or biometric profiles to verified identities instantly after an IAL3 session to avoid stand-in fraud. This ensures both business and security objectives are achieved while reducing cyber liability insurance costs, operational risk and attack surface.
