
The NIST Digital Identity Guidelines define identity assurance levels (IALs), which indicate the degree of certainty that a claimed digital identity corresponds to a real-world identity. Identity assurance level 3 (IAL3) requires in-person verification, superior-strength identity evidence collection and document authentication.
IAL3 standards now prioritize resilient and phishing-resistant methods over weaker ones. By using a managed IAL3 kiosk and CSPs with proofing agents, your organization can achieve compliance with these standards quickly and safely.
IAL3 Identity Proofing
As businesses and government agencies migrate their services onto digital platforms, identity verification becomes ever more crucial to ensure users are who they say they are. The National Institute of Standards and Technology defines three identity assurance levels to provide security and compliance.
Remote IAL3 enrollment verification requires either physical presence or special remote proofing software to secure it. It relies on strong evidence such as government documents vetted by authoritative sources, along with a biometric comparison that verifies that the person presenting the document is who they claim to be.
Employing a device equipped with an iris or face camera is the optimal way to satisfy IAL3 specifications for secure capture processes. For optimal results, these high-quality models should feature high pixel counts and secure Ethernet connections. This would require significant investments in supply chain management, hardware configuration and physical security auditing services.
NIST 800-63A
NIST 800-63A, IAL3 for short, provides assurance levels for identity proofing (IAL), authenticator assurance level (AAL), and federated identity assertion level (FAL). Adherence to these standards enables organizations that prioritize security to implement safe digital ID management practices.
Under IAL3, CSPs are required to offer remote or on-site, attended identity proofing sessions that collect superior-strength evidence and involve interaction between an approved representative of their company and applicants for proofing purposes. This process should help protect against more advanced attacks as well as basic forms of evidence falsification, theft, repudiation and social engineering tactics used against them.
This standard also requires CSPs to present continuation codes, which are hashed and given back to applicants to verify that their CSP has not been compromised. Decoding such messages requires trusted RPs with the necessary challenge/response messages.
IAL3 Compliant Solution
The IAL3 level involves verifying claimed identities against real-world IDs, either remotely or in person, using full chain of custody, anti-spoofing protections and detailed auditing processes. It is the highest identity proofing level available and is often employed by organizations facing complex security threats such as fraud, theft or data breaches that require more assurance.
In-person proofing has traditionally been the main method for reaching IAL3 compliance, yet it is time-consuming, expensive, and cannot adapt to remote workers. Trust Swiftly's patent technology offers an affordable and scalable alternative that is FedRAMP High compliant.
Our remote IAL3 compliant solution is hardware-based, and allows you to return the kit and report its results, creating an auditable record of compliance for your 3PAO or security team. Furthermore, it securely binds an authenticator (such as a phone or YubiKey) to each verified identity to prevent stand-in fraud and ensure only one person can gain entry to your system at one time.
Trust Swiftly
The traditional approach to Identity Assurance Level 3 (IAL3) verification requires in-person identity proofing sessions, which can be costly and time-consuming, creating security risks and compliance bottlenecks for companies with remote workforces. Trust Swiftly's hardware-based remote ID verification solution meets NIST standards while saving money and satisfying auditors.
The IAL3 requirements are similar to IAL2, except for the presence of a CSP representative and additional processes to mitigate more sophisticated attacks such as evidence falsification, theft, repudiation and advanced social engineering tactics. Furthermore, applicants must enroll in subscriber accounts with associated authenticators.
Building your own kiosk for an IAL3 proofing session involves extensive preliminary work, from purchasing and configuring the latest mobile device (Windows, Apple or Android) with a high-resolution camera to managing and protecting it physically as well as digitally. Trust Swiftly takes this hassle away by handling everything for you, enabling your team to quickly get up and running with an adaptable solution that grows with them.