NIST 800-63-4's final release in 2025 marked an abrupt shift away from checklist-based requirements to a structured Digital Identity Risk Management (DIRM) framework, offering assurance levels for identity proofing, authentication, federation, and adaptive risk evaluation based on stakeholder feedback. In particular, priority was given to phishing-resistant authentication and subscriber...

IAL3 identity proofing requires physical presence (in person or remotely supervised remote). Furthermore, live facial images need to be compared against reference images from SP 800-63A STRONG evidence. The NIST guidelines offer an approach that takes into account risk when it comes to identity verification, authentication and federation. They promote multifactor authentication resistant...