NIST 800-63 is a set of digital identity guidelines that provides a practical framework for online identities. It divides assurance requirements into three dimensions: proofing, authentication and federation.
Organizations don't need to match levels exactly; for example, lighter identity proofing (IAL2) may be combined with stronger authentication (AAL2). The new version of the guideline strongly advocates for using phishing-resistant authentication methods like FIDO passkeys while supporting pseudonymity in federated environments.
IAL3 Compliant Solution
IAL3 demands high-assurance, phishing-resistant authentication and robust identity proofing measures. These include unalterable digital evidence with audit trails and controlled hardware to defend against spoofing attacks that could otherwise compromise the integrity of the process.
TrustSwiftly offers an easy-to-use NIST IAL3 remote solution designed for FedRAMP high compliance. Authentication journeys are enhanced through chat, video, facial recognition with liveness detection, document authentication and risk-based step-up reproofing. This helps lower cyber liability insurance costs and operational expenses by decreasing password resets.
TrustSwiftly stands out from other NIST 800-63A compliant identity verification solutions by being capable of performing an IAL3 process both in-person and remotely (i.e. supervised remote) for individuals with special needs such as minors. A trained agent monitors proofing sessions to ensure the correct steps are followed and any issues that arise are dealt with quickly, similar to how security guards review ID before admitting people into some offices.
IAL3 Authentication
The NIST 800-63A standards offer a framework to verify identities and secure online transactions with confidence. They consist of Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL), with solutions for each presented as an Identity, Authenticator, or IAL3 compliant solution. Document authentication with high pixel counts to reduce spoofing risks, biometric NIST IAL3 verification with multiple modalities that increase adoption while decreasing false negatives, and secure connections that protect against malware threats all contribute to an effective IAL3 compliant solution.
NIST 800-63-4 updates the digital identity guidelines by mandating more robust, phishing-resistant methods like FIDO passkeys. AAL and FAL levels now explicitly support remote authentication, while the IAL levels still require some combination of something you know, something you have, and something you are. In-person proofing, however, was removed at IAL1.
IAL3 Multi-Factor Authentication
NIST's Digital Identity Guidelines provide a series of Identity Assurance Levels (IALs) to quantify confidence that an asserted digital identity corresponds to real-world existence. At Level 3, superior-strength identity evidence must be submitted and bound to an authenticator in order to prevent stand-in fraud, along with multimodal verification to reduce spoofing risks.
SP 800-63-4 also expands and modernizes DIRM processes by shifting away from enterprise risk management towards considering impact to mission delivery, public trust and individual users (such as equity and privacy). Furthermore, this standard modernizes federation models by supporting remote identity proofing at IAL3 level or higher, demanding phishing-resistant methods like FIDO Passkeys, and integrating credentials such as mobile driver licenses or verifiable credentials into subscriber wallets.
TrustSwiftly's NIST 800-63A IAL3 compliant passwordless authentication and identity verification solution meets these requirements directly by offering a safe, remote-supervised yet unobtrusive identity proofing process. It combines document authentication, liveness detection, high pixel counts to counter spoofing threats, biometric comparisons for added assurance, and trusted encrypted connections that protect from malware threats, while providing multi-modal identification options.
IAL3 Biometrics
NIST 800-63A IAL3 digital identity verification is a highly secure process that verifies an individual's real-world identity by using chat, video, facial recognition with liveness detection and document authentication. It enables step-up reproofing according to risk, helping organizations bridge the gap between business and security objectives. This approach lowers costs through reduced cyber liability insurance premiums and lower operational expenses from password resets, while safeguarding customer data and privacy by dramatically decreasing attack surfaces.
The 2025 release of NIST SP 800-63-4 shifts focus from checklist-based requirements towards a more structured Digital Identity Risk Management (DIRM) process that explicitly takes into account impacts to mission delivery, public trust and individual users (such as equity and privacy). Furthermore, stronger authentication methods, including device-bound FIDO Passkeys, are prioritized.
The IAL3 in-person process requires someone to review your ID documents and compare your face against one of the photos taken of you, although this can also be done remotely. Unfortunately, this option can be costly and inconvenient for enrollees. Conversely, the IAL2 non-biometric path enables remote comparisons against any reference image using any biometric modality as long as controls against impersonation, presentation and spoofing are met.