IAL3 requires extra stringent identity proofing for high-stakes transactions, such as accessing classified information or financial services securely. This level of verification includes in-person identity proofing or biometric capture/matching services.

TrustSwiftly, the passwordless authentication and comprehensive ID&V solution certified by FIDO UAF, helps organizations meet NIST 800-63-3 requirements by providing balance among security, user experience, usability and usability. It supports IAL2 and NIST IAL3 verification through chat video telephony face detection as well as document authentication.

IAL3 Identity Proofing

IAL3 identity proofing is designed for use when high levels of trust are essential, such as healthcare services, government services or financial transactions. It requires using evidence with greater strength - for instance a government issued document validated against authoritative sources and biometric comparisons - than what can be provided at lower levels; additional oversight from an experienced CSP representative may also be necessary in such instances.

As our digital world becomes more advanced, verifying who accesses online services becomes ever more critical. The National Institute of Standards and Technology established guidelines, known as NIST 800-63, that ensure identity verification processes take place properly so as to confirm those being verified are actually who they claim they are.

NIST 800-63A IAL3, the latest version of its security guidelines, has been revised for modern security to incorporate anti-phishing methods such as FIDO Passkeys and stronger authentication using cryptographic authenticators, while emphasizing rigorous risk-based identity proofing and enrollment that requires a scalable approach in order to keep pace with evolving threats. HyPR Affirm is an identity verification solution which meets both IAL3 and IAL2 compliance with chat/video/facial recognition (liveness detection), document authentication as well as supporting step up reproofing to provide continuous assurance.

NIST 800-63A IAL3 Compliant Solution

NIST Special Publication NIST 800-63A Remote IAL3 enrollment provides guidelines that address enrollment and identity proofing procedures for digital authentication. Although originally created for federal agencies, private and non-government organizations have also adopted it voluntarily.

The latest version of NIST 800-63A IAL3 introduces three Identity Assurance Levels (IALs), to assist agency decision makers in selecting an adequate security level for each service, application and user. These levels range from IAL1 to IAL3 with the latter requiring identity proofing services in-person for rigorous evidence validation purposes.

Recent revisions of FIDO2 emphasize phishing-resistant authentication methods like MFA and Passkeys as key differentiators, with email one-time passwords being deprecated and SMS authentication downgraded - acknowledging their susceptibility to sophisticated phishing attacks.

IDEMIA's advanced and comprehensive identity assurance platform, HYPR Affirm, directly meets NIST 800-63-3 requirements. It provides both IAL2 and IAL3 verification processes including face-to-face proofing, document authentication, facial biometric matching with liveness detection capability, step-up reproofing based on risk and step-down reproofing to reduce attack surface area significantly while also mitigating risk through cyber liability insurance and password reset costs, helping organizations bridge business and cybersecurity objectives simultaneously. NIST 800-63-3 and HYPR Affirm will put an end to vulnerable passwords while creating secure digital identities that support business operations objectives simultaneously.


NIST 800-63A IAL3 Verification

NIST 800-63A's Identification Proofing Level 3 (IAL3) requires on-site attended, face-to-face verification using biometrics, document authentication, and rigorous evidence validation. HYPR TrustSwiftly is a passwordless IAL3 compliant solution certified as FIDO that can help achieve this level of verification with its high assurance levels and absence of vulnerable passwords.

ID&V provides continuous risk monitoring capabilities that surpass those offered by authentication alone, including strong phishing-resistant authentication to keep digital identities safe from compromise and other potentially disastrous scenarios. ID&V can protect digital identities against unauthorized access that could otherwise lead to compromised accounts, data breaches, or other dire outcomes.