IAL3 identity proofing requires physical presence (in person or supervised remote). Furthermore, live facial images need to be compared against reference images from SP 800-63A STRONG evidence.

The NIST guidelines offer a risk-based approach to identity verification, authentication and federation. They promote multifactor authentication that is resistant to phishing attacks, as well as device-bound FIDO passkeys.

IAL3 identity proofing

Identity proofing is the process of verifying digital identities against real-world identities to provide assurance against cyber attacks and fraud, meet regulatory requirements and improve customer security. NIST IAL3 verification plays an essential role in the cybersecurity ecosystem, protecting against attacks while meeting compliance requirements.

IAL3 represents the highest level of identity assurance, requiring strong evidence and an intensive verification process that establishes and authenticates claimed identities. This method employs document verification, biometric comparison, and direct oversight to safeguard against impersonation or fraud.

To meet IAL3 criteria, individuals must present valid government-issued documents with photographic matches. Furthermore, they must undergo a visual check with liveness detection and submit biometric characteristics. Either in-person or remote proofing methods can be employed; however, a trained representative must supervise proofing to prevent false negatives and to detect presentation attacks. Only this approach provides high confidence in an individual's claimed identity.

IAL3 compliant solution

IAL3 is the highest level of identity proofing and requires a rigorous verification process, including in-person or remote presence supervised by an agent of the CSP, biometric capture, and face matching against superior-strength identity evidence such as passports or government-issued ID documents. IAL3 is typically employed in highly sensitive transactions that involve accessing classified information, critical infrastructure systems or law enforcement systems.

The NIST 800-63A IAL3 framework addresses the need for flexible and adaptive identity assurance. It integrates proven methods like chat, video and facial recognition, as well as liveness detection, document authentication and risk-based step-up reproofing, to deliver an IAL3 compliant solution with full coverage and robust verification capability.

The technology will also include robust protections against SIM swaps and MFA bypasses with a dynamic set of authenticators bound to each identity credential, making high-assurance identity credentials more accessible to users across a nationwide network.

NIST IAL3 verification

NIST 800-63A IAL3 verification requirements reflect a strategic shift towards stronger, more resilient authentication mechanisms against advanced threats. The deprecation of email OTP authentication and the significant downgrading of SMS-based authentication, methods that no longer suffice against sophisticated attacks, are indicative of this shift.

Unlike lower levels, IAL3 requires in-person attended identity proofing with biometric comparison and rigorous evidence validation for maximum assurance, such as when dealing with sensitive government and healthcare applications. This level is reserved exclusively for situations that demand it.

This process could take place in a kiosk setting, where an agent would inspect faces and documents as visitors enter an office, similar to how security guards review visitors before admitting them. Furthermore, an agent could capture fingerprints using secure hardware authenticator devices such as TrustSwiftly-backed devices or FIDO2 security keys, making the session completely tamper-proof against spoofing, phishing and other forms of attack.


TrustSwiftly’s IAL3 solution

NIST 800-63A provides three levels of identity proofing. IAL3 is in-person biometric verification with a trained CSP representative present, strict chain-of-custody procedures and anti-spoofing protections; this option supports full phishing-resistant authentication as well as hardware authenticators like FIDO2 security keys.

This approach can be expensive, time-consuming and logistically complex for remote workforces. Furthermore, it cannot scale with FedRAMP High-level applications due to compliance issues. A better solution would be to implement a risk-based digital identity management framework with a robust IAL3 verification process, to protect privileged accounts from sophisticated attacks, meet NIST requirements and satisfy auditors.