NIST 800-63A IAL3 verification is an identity proofing process intended to confirm that the person presenting evidence is actually them, using video footage, facial recognition with liveness detection technology, and document authentication methods.
CSPs must record physical comparisons of applicants to identification evidence for both IAL2 and IAL3.
NIST IAL3 verification
IAL3 is the highest level of NIST identity verification. It requires physical presence either in-person or remotely and includes comparison of enrollee biometrics with images from strong identity evidence, restrictions against spoofing attacks such as wearing realistic silicone masks and restrictions against any attempts at impersonating identity fraud. Although costly and time consuming, this form of authentication can give greater assurance in someone’s identity.
Digital identity standards and other cybersecurity frameworks can help organizations reduce fraud losses by verifying that people who claim they are are who they claim they are. These guidelines can be implemented across a range of services from benefits eligibility checks to secure physical building access – but especially important in combatting phishing attacks and supporting federated identities.
NIST recently updated its guidance to address current threats, ensure user accessibility and privacy, and eliminate checklist-based requirements in favor of risk-based framework. This allows CSPs to tailor identity proofing and enrollment processes specifically to their environments while still offering an enjoyable user experience.
IAL3 identity proofing
Identity proofing requires high levels of assurance to help organizations protect themselves and their users against cyberattacks, but this also increases user friction, making adoption of the system difficult for some users. Therefore, businesses should aim to balance security needs with customer experience impacts in their customer experiences.
An organization should select an assurance level suitable to their use cases. For instance, light identity proofing (IAL1) combined with stronger authentication (AAL2) might work best. In addition, they could implement federation controls (AAL3) to maintain trust across systems when sharing identity data.
NIST 800-63A IAL3 version four includes an updated framework for identity systems, with modern requirements for AALs and IALs. While maintaining its tripartite nature (IAL, AAL and FAL standards), new requirements like FIDO passkeys have been updated in line with technology advancement. Furthermore, an organization’s assurance levels can now be tailored more accurately according to business or technical needs through this updated granularity feature.
IAL3 compliant solution
Trust Swiftly’s NIST IAL3 verification process offers the highest level of assurance, and requires an in-person meeting with a live agent. This marks a step up from its predecessor IAL2, which Trust Swiftly has reimagined to be more suitable for businesses of all sizes.
On-site IAL3 requires face-to-face interaction with an on-site CSP representative and verification of at least one biometric characteristic, to minimize impersonation attacks – one of the most prevalent cyberthreats – as well as SIM swaps and MFA bypasses by binding biometric credentials securely with identity credentials. This method helps reduce impersonation attacks while helping prevent SIM swapping attacks as well as bypasses of MFA authentication systems.
IAL3 verification involves direct observation of enrollee’s facial images within their identity evidence, cross-verification against multiple photo IDs and verifying liveness using face, fingerprint and dual-iris scanning technologies to ensure a real person has registered without using fake identities to access accounts; providing strong authentication.
TrustSwiftly
TrustSwiftly is a FIDO Certified passwordless authentication and identity verification solution, helping organizations meet NIST IAL3 guidelines with its remote but supervised IAL3 identity proofing process. This includes document verification, biometric comparison with liveness detection capabilities and cryptographic authentication for improved phishing resistance and man-in-the-middle protection.
TrustSwiftly stands out from the pack by being simple to set up and deploy without needing kiosks as part of its solution. A user can simply access TrustSwiftly no code page from their mobile phone or laptop and connect with an agent who can then verify identity through various means such as chat, video streaming, facial recognition with liveness detection or document authentication – helping lower cyber liability insurance costs and operational expenses by decreasing attack surface area.
TrustSwiftly’s IAL3 compliant solution provides various verification methods including NIST IAL3 compliance and FedRAMP high compliance verification with mobile driver’s license verification as ID&V evidence, step-up reproofing based on risk, credential issuance via either in-person or remote authentication, liveness detection support and step-reproofing based on risk.
.
