
Reliable Information Regarding NIST 800-63-4 IAL3 Compliance

NIST 800-63-4 IAL3 offers an updated identity proofing process and increased security, among other things by restricting highly scalable attacks that could undermine an entire system.


IAL3 requires on-site proofing with a live agent and matching of enrollee biometrics against identification evidence as a way of verifying identity. This can be costly and time-consuming, but it helps reduce impersonation attacks and helps stop SIM swaps, MFA bypasses and similar activities.


NIST IAL3 Verification


NIST offers three levels of identity proofing services. At the IAL3 level, participants are physically present either in person or remotely for this service, which includes direct observation of facial images as identification evidence, and liveness verification using dual iris scanning technology and document authentication techniques. Restrictions against spoofing attacks, such as wearing realistic silicone masks, are also part of this proofing method.


A DIY build may be able to reach an IAL3 security level; however, this approach would likely require significant investment in hardware logistics (kitting, distributing and installing) as well as security staffing, making this option far from practical for most businesses.


Trust Swiftly's managed service offers a superior alternative. Our IAL3-compliant solution supports various verification methods, including NIST 800-63-4 IAL3 compliance and FedRAMP High identity proofing compliance, mobile driver's license IAL3 identity verification software as ID&V, step-up reproofing based on risk, secure binding of biometric credentials to authenticators (to minimize impersonation attacks, SIM swapping and MFA bypasses), fully FIDO Certified passwordless authentication, and proofing capabilities available through an accessible kiosk anywhere with power outlets.


NIST IAL3 Compliance


The National Institute of Standards and Technology's Digital Identity Guidelines form the cornerstone of modern security. They encourage extensive proofing, robust phishing-resistant authentication, hardware-backed authenticators and secure federated identity practices as pillars.


NIST SP 800-63-4 provides updated definitions and requirements for identity assurance levels (IAL, AAL and FAL), such as strong biometric matching requirements, mandates against phishing-resistant MFA authentication methods (such as Passkeys), subscriber-controlled wallet support, and formal recognition of remote identity proofing methods in AAL2. It also deprecates email OTP/SMS authentication services with reduced functionality, deprecates OTP delivery through email OTP services in favor of SMS authentication, and adds liveness detection requirements into IAL2.


Implementing a high-assurance identity verification strategy is complex and involves selecting appropriate assurance levels while meeting challenges. To meet NIST IAL3 guidelines, organizations require an identity assurance platform with comprehensive services for proofing, authentication and federation. HYPR Affirm's versatile platform gives them access to proofing, authentication and federation services that support ongoing risk analyses by offering chats, videos, facial recognition with liveness detection capabilities and document authentication services. Organizations can tailor assurance levels to ongoing risk analyses by mixing proofing, authentication and federation elements in unique combinations, giving them maximum flexibility and full compliance with NIST IAL3 guidelines.


NIST IAL3 FedRAMP High Identity Proofing


NIST SP 800-63-4 updates digital identity standards by providing a modular framework with Identity, Authenticator and Federation Assurance Levels (IAL, AAL and FAL). This ensures relying parties can trust identity assertions from federated CSPs while at the same time mitigating fraud by providing strong authentication mechanisms and Zero Trust alignment.


The IAL3 standard requires more rigor in enrollment and identity proofing, including in-person or remote IAL3 verification using face, fingerprint or dual iris scanning. It safeguards against impersonation attacks, SIM swapping and MFA bypasses by securely linking biometric credentials with the identity credentials of enrollees. This process has proven more secure than older methods because biometric credentials can now be associated with the identity credentials of enrollees, thereby mitigating impersonation attacks such as SIM swapping.


TrustSwiftly's verification method also supports step-up reproofing based on risk and features advanced cryptographic authentication to improve phishing resistance and man-in-the-middle protection. Rather than requiring organizations to build their own hardware solution, TrustSwiftly provides a turnkey IAL3 solution that is simple and quick to deploy, with no overhead for supply chain management or device configuration.


TrustSwiftly’s IAL3 Solution


To qualify for the bounty, spoofers must successfully fake an entire IAL3 session. This contest is open to US-based threat actors who demonstrate significant bypass of IAL2 to reach IAL3, along with documented proof. IAL3 compliance requires a supervised remote NIST IAL3 verification process with documented proof: document authentication, liveness detection support and biometric comparison between enrollee and verifier must all be present for the complete verification process to succeed.


TrustSwiftly's IAL3 solution supports remote yet supervised proofing with controlled hardware that captures audit-ready evidence. When combined with the FIDO Certified passwordless login that links identity credentials with biometrics, this provides an effective approach for mitigating impersonation attacks such as SIM swapping as well as stopping man-in-the-middle and phishing attack vectors.


Enrollees begin by opening a no-code page on their phone or computer to connect with an agent, then follow verification processes similar to IAL2, including document verification and face, fingerprint, or dual iris recognition with liveness detection. This deployment option is simpler and more cost-effective than full kiosks and is compatible with any device meeting IAL3 specifications.

