Advanced identity validation through an IAL3 compliant solution

Posted by rhaquaunt quaunt Jan 30


NIST's updated Digital Identity Guidelines (DIG) set clear requirements for relying parties to ensure that claimed digital identities are verified using an authenticator and their authenticity determined using an Authenticator Assurance Level. Email one-time passwords have been downgraded from an IAL3 status due to phishing attacks; email two-factor authentication has also been made less vulnerable by being downgraded to an IAL1.

NIST 800-63A IAL3 Verification

TrustSwiftly's NIST 800-63A IAL3 verification solution provides users with a secure, scalable and federated identity proofing solution that allows them to independently validate their own attributes using multiple independent sources of verified data. It emphasizes collecting and validating many identity data points, such as name, date of birth, address, phone number, DL number and social security number, to provide an extra layer of verification that increases assurance against spoofing attempts, similar to what NIST SP 800-63-3 requires for Identity Assurance Level 3 (IAL3).

NIST 800-63A defines IAL3 as the highest level of identity assurance, using both remote and in-person identity proofing techniques to ensure claimed identities can be unquestionably linked with real-world identities, protecting against insider threats and nation-state attacks that cause multimillion-dollar losses. NIST IAL3 verification solutions must meet FedRAMP High requirements; failure would result in slow compliance processes for any 3PAO and an audit failure by their 3PAO auditors.

TrustSwiftly’s IAL3 Verification Solution

The National Institute of Standards and Technology's Identity Assurance Level 3 (IAL3) is considered the highest level of identity verification. The process combines document validation and biometric comparison with strict oversight to reduce the risk of impersonation or fraud. Trust Swiftly's scalable and secure IAL3 compliant solution meets NIST 800-63A IAL3 specifications.

Traditional approaches to IAL3 require in-person verification sessions supervised by trained personnel, but sending employees across the country and paying for hotels is expensive and creates logistical headaches, restricting you from placing them where they're most needed.

TrustSwiftly's IAL3 verification solution gives your remote employees access to kiosks to go through the verification process. Kiosks can either be custom built for them or deployed using one of our turnkey kits. Each kiosk includes video chat capabilities, facial recognition with liveness detection, document authentication that adapts according to risk level, and reproofing capabilities. There is also a return label and a comprehensive report that can be sent directly to security teams or 3PAO auditors for review.

NIST 800-63A IAL3 Compliance

NIST digital identity guidelines establish several security levels, with IAL3 representing an extremely high level of assurance that a claimed identity matches a real-world identity. IAL3 identity proofing requires interaction between an applicant and a trained CSP representative during an on-site attended identity proofing session in which at least one biometric characteristic is collected, followed by enrollment into a subscriber account with authenticators bound to it. This protects against more sophisticated attacks such as evidence falsification, theft and repudiation, as well as other advanced social engineering techniques.

The 2025 final release of 800-63-3 outlines requirements for Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL). With its essential revisions such as deprecating email OTP, downgrading SMS-based authentication, and the inclusion of phishing-resistant methods like FIDO Passkeys in AAL2 and AAL3, and subscriber controlled wallets in FAL1, these guidelines have become the global foundation for creating reliable authenticators and trustworthy identities.

NIST 800-63A IAL3 Authentication

NIST's Digital Identity Guidelines present an expansive and complex model of digital identities that go well beyond passwords and usernames. Their model centers around assurance levels, which measure how confident one is that their claimed identity corresponds with real world identities - these levels range from IAL1-IAL3, with the latter requiring in-person verification.


Identity proofing refers to the process of linking digital identities with real individuals, and NIST has established three levels of assurance for this process. NIST recommends using an approach called Identity Assurance Level 3 (IAL3) that incorporates document validation and biometric comparison with strict oversight for identity verification purposes.

TrustSwiftly's scalable, remote IAL3 enrollment verification solution makes compliance with NIST 800-63A easy without needing in-person attendance or costly identity proofing processes. This approach replaces email OTP/SMS authentication methods, which can fall prey to sophisticated attacks, with multi-factor authentication (MFA) that leverages FIPS 140 validated FIDO2 security keys, saving time and resources and eliminating the security vulnerabilities associated with email OTP/SMS authentication.
