NIST (the National Institute of Standards and Technology) publishes standards in numerous business, science, and technology areas where an authoritative measure is useful. One that stands out as particularly crucial to digital identity is NIST SP 800-63, which promotes extensive identity proofing, strong phishing-resistant authentication, and secure federated identity practices.

It also sets expectations for more systematic digital identity risk management (DIRM), but its complexity can make it confusing to navigate.

Verification

The core structure of IAL, AAL and FAL carries over into NIST SP 800-63-4; however, it has been modernized in response to current security requirements. In particular, the revision accommodates phishing-resistant authentication (both device-bound and syncable passkeys) within AAL2 and AAL3, and introduces subscriber-controlled wallets into the federation model.

Compared with IAL1 and IAL2, IAL3 identity proofing requires more stringent verification procedures, using evidence such as government-issued documents validated against authoritative sources. Biometric comparison may also be required to confirm that the identity claimed matches the evidence presented. IAL3 requires more resources, but is necessary for high-assurance transactions. CSPs offering this verification MAY combine various pathways to meet its goal and SHOULD record, and make available to RPs, information about which specific pathways were used when verifying an individual subscriber's claim of identity.

Compliance

The NIST SP 800-63-4 IAL3 revisions mark an important shift away from checklist-based requirements toward risk-based Digital Identity Risk Management (DIRM). They also emphasize stronger, phishing-resistant authentication protocols that protect against data theft and the compromise of real identities.

TrustSwiftly's unified NIST IAL3 verification and federation solutions can help your organization meet NIST 800-63-4 IAL3 compliance: we support mobile driver's license verification as evidence, risk-based step-up reproofing, credential issuance with remote or in-person authentication, and liveness detection. Furthermore, automated joiner/mover/leaver workflows offer strong security while keeping onboarding simple for employees, students, contractors or patients.

Our federation engine accommodates the highest assurance levels, such as FAL1, and supports hardware-backed authenticators such as PIV/CAC cards for maximum assurance. Furthermore, our platform enables cryptographic MFA journeys for AAL2 and FAL3, as well as phishing-resistant FIDO passkeys to satisfy IAL3. With role-specific assurance levels enforced through our platform, highly scalable attacks can be limited while keeping the user experience simple for all.

FedRAMP

Federal agencies use FedRAMP to ensure that cloud services meet security standards. It is mandatory for cloud deployments that hold sensitive, unclassified information; such deployments must be approved by the FedRAMP Project Management Office (PMO), with third-party assessment organizations (3PAOs) reviewing each CSP's security.

NIST SP 800-63-4 has recently been updated to be more user-friendly, focusing on balancing security and usability in a digital-first world. The updated framework calls for stronger multi-factor authentication methods and supports anti-phishing passkeys, including hardware-backed passkeys.

FedRAMP High identity proofing also facilitates a more structured DIRM process that prioritizes risks to mission delivery, public trust and equity, and individual users (including equity and privacy), as well as federation assurance level requirements based on user-controlled wallet models that leverage open standards. FedRAMP tracks these changes regularly and provides security reports to agencies, saving organizations the time and money of performing independent security assessments themselves, and prioritizing CSPs that have been reviewed by multiple agencies to ensure consistent use.

High Identity Proofing

IAL3 identity verification software provides superior identity proofing and authentication for high-stakes transactions and is designed to limit highly scalable attacks. It is intended for sensitive transactions (such as secure building access or healthcare services) where false identities could have serious repercussions. It requires rigorous remote or in-person enrollment processes with superior-strength evidence such as government credentials or biometric comparison.

IAL3 stands apart from traditional authentication techniques by employing cryptographically signed assertions to transfer user and authentication-event information between systems; these assertions are then verified or validated, using various technical protocols, by the organizations that control the digital services (known as Relying Parties).
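As an added illustration (not code from this page, from TrustSwiftly, or from NIST), the Python sketch below shows the Relying Party side of that exchange: the RP checks the assertion's signature before trusting any claim, then its audience and lifetime, and finally the asserted IAL/AAL against its own policy. The assertion format, the shared key, and the claim names `ial`/`aal` are constructed for this example; production federations use OIDC or SAML with public-key signatures.

```python
import hashlib
import hmac
import json
import time

# Constructed shared key between IdP and RP for the demo; a real federation
# would use a public-key signature so the RP never holds signing material.
IDP_KEY = b"constructed-demo-key-do-not-reuse"
RP_AUDIENCE = "https://rp.example/callback"  # hypothetical RP identifier


def canonical(claims: dict) -> bytes:
    """Deterministic encoding so IdP and RP MAC exactly the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(claims: dict, key: bytes = IDP_KEY) -> dict:
    """IdP side: attach an HMAC-SHA256 tag over the canonical claim set."""
    tag = hmac.new(key, canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": tag}


def verify_assertion(assertion: dict, *, min_ial: int, min_aal: int,
                     now=None, key: bytes = IDP_KEY) -> str:
    """RP side: return the subject identifier, or raise ValueError.

    Order matters: the signature is checked first so that unverified claims
    never influence a decision; then audience, lifetime, and assurance levels.
    """
    claims, sig = assertion["claims"], assertion["sig"]
    expected = hmac.new(key, canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("signature mismatch: assertion tampered or wrong issuer")
    if claims.get("aud") != RP_AUDIENCE:
        raise ValueError("assertion was not issued for this RP")
    now = time.time() if now is None else now
    if not (claims.get("iat", now + 1) <= now < claims.get("exp", 0)):
        raise ValueError("assertion expired or not yet valid")
    if claims.get("ial", 0) < min_ial or claims.get("aal", 0) < min_aal:
        raise ValueError("assurance level below this service's policy")
    return claims["sub"]


if __name__ == "__main__":
    a = sign_assertion({"sub": "user-42", "aud": RP_AUDIENCE, "iat": 1000,
                        "exp": 1300, "ial": 3, "aal": 3})
    print(verify_assertion(a, min_ial=3, min_aal=2, now=1100))  # user-42
```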

Mitek's FIDO Certified passwordless authentication solution, TrustSwiftly, supports IAL3 with an effective verification process that uses both remote and on-site evidence collection, such as document and facial recognition, as well as risk-based step-up reproofing. For more information about TrustSwiftly's benefits for remote users, a customized demo is recommended; depending on your needs, this may involve a custom-branded kiosk or turnkey kit, alongside chat, video and liveness detection, as part of an integrated IAL3 process for remote users.