NIST identity proofing at its most rigorous is called in-person IAL3 verification - think of it like showing up to a DMV office with multiple forms of ID to submit.
Costly, slow and non-scalable for remote workforces; security risks and compliance bottlenecks create major obstacles to overcome.
IAL3 Identity Proofing
NIST digital identity standards require high-assurance verification to verify that individuals seeking access are who they claim to be. Attestation Level 3 (IAL3) offers maximum assurance, requiring an on-site attended IAL session featuring biometric comparison and rigorous evidence validation; it offers protection from impersonation, fraud, and data breaches.
Traditional in-person IAL3 identity proofing involves hiring agents, which is both costly and difficult to scale. Furthermore, hiring agents also exposes you to socially engineered fakes such as realistic silicone masks or other forms of spoofing that may exist within an environment.
TrustSwiftly provides remote IAL3 proofing that meets NIST standards and saves you money by eliminating in-person agents. Liveness detection ensures the enrollment takes place, multiple biometric modalities (face, fingerprint, dual iris) for binding are captured for binding as well as security of an authenticator (such as YubiKey) immediately following each IAL3 session to prevent stand-in fraud, while producing an IAL3 report which you can send to auditors of 3PAOs and security teams.
IAL3 Compliant Solution
NIST 800-63A IAL3 solutions that excel use a combination of document validation and live face matching technologies with hardware-backed authentication such as YubiKey or FIDO Certified passwordless authentication to provide stronger defenses against spoofing attacks. Furthermore, these solutions bind multiple biometric modalities (face, fingerprints and dual iris recognition) securely stored as binding tokens for strong non-repudiation of verification sessions.
Proofing agents must either physically be present at the location or use an IAL3 session via remote device with secure camera capability to conduct it remotely - however this method can be costly, time consuming and difficult to scale across larger remote workforces.
The IAL3 framework represents the highest identity assurance level. This requires on-site proofing with stringent evidence validation and direct oversight to verify that whoever presents their credentials is who they claim they are - this type of identity verification helps safeguard sensitive data and comply with regulatory requirements.
IAL3 Retention & Frequency
Under National Institute of Standards and Technology guidelines, Identity Proofing at Level 3 (IAL3) is the highest level of verification available. This process involves correlating a claimed identity with their real identification using multiple methods including facial recognition, address verification, dynamic knowledge based authentication and voice authentication.
Maintaining compliance with NIST IAL3 service providers requirements can be challenging for security teams, who must balance how long to retain evidence for audit purposes with purging data early to avoid data breaches. TrustSwiftly's proprietary technology offers clients a simple solution that meets IAL3 requirements by eliminating document storage requirements and simplifying hardware logistics complexity.
Supervised remote identity proofing uses an integrative blend of automated and human verification methods tailored to different risk levels and use cases, with verification methods like document verification (with support for thousands of global documents), facial recognition with liveness detection, fingerprint scanning and dynamic knowledge based authentication as a reliable, cost-effective way of meeting FedRAMP requirements and NIST IAL3 standards. This IAL3 compliant solution offers high compliance rates.
IAL3 Training
NIST IAL3 verification is the highest level of identity proofing required to meet FedRAMP high requirements, equivalent to showing up at a government office with multiple forms of identification to establish that you are who you say you are. As it reduces fraud or impersonation risk, companies seeking to provide secure services such as remote access to corporate networks or sensitive healthcare data require this form of identity proofing as it provides assurance they are providing services without fraud or impersonation risk.
At this heightened level of verification, additional strength identity evidence and direct oversight is required to verify claimed identities match in reality. Live biometrics capture can detect sophisticated spoofing attacks such as deepfakes and AI impersonation attacks that use deepfakes or AI impersonation attacks against claimed identities.
While CSPs may find this level of verification expensive to implement onsite attended identity verification expensive for them to implement it is often the best protection against sophisticated social engineering fakes and man-in-the-middle threats such as socially engineered fakes or man-in-the-middle threats. Furthermore, additional document validation/verification requirements help minimize ID matching errors even further when more security is required than is offered through IAL1 for example when maximum security measures need to be applied IAL3 should be utilized when more security needs to be applied.
