
NIST 800-63-4 is the latest iteration of the Digital Identity Guidelines issued by NIST. This updated framework for ID systems prioritizes stronger anti-phishing authentication and adds support for FIDO passkeys and subscriber wallets, among other changes.
The basic structure of IAL, AAL and FAL remains, with organizations choosing assurance levels based on business and risk requirements. This may involve remote but supervised identity proofing services, liveness detection support services, and step-up reproofing based on risk levels.
Verification
In-person NIST IAL3 verification uses face, fingerprint and dual iris scanning technologies to reduce impersonation attacks, one of the main cyberthreats. Furthermore, this IAL3 identity verification software helps prevent SIM swapping and MFA bypass by securely linking biometric credentials with identity credentials. This lets you re-proof users when necessary and reduce fraud risk without requiring them to visit your office in person.
Identity proofing for high-stakes transactions requires higher-strength ID&V evidence such as passports or government-issued documents. However, IAL2 combined with strong biometric comparison is usually sufficient for services like secure building access or bank accounts.
NIST's Special Publication 800-63 is an extensive set of standards that provides guidance for organizations to authenticate users, verify identities, and safely exchange that data among systems. However, its application to real-world scenarios can be complex. In the fourth revision (Revision 4), risk management considerations go beyond enterprise risks to consider impacts on public trust and on individual users (such as privacy). The revision also provides requirements for phishing-resistant authentication for FIDO passkeys and subscriber-controlled wallets.
Compliance
IAL3 standards aim to establish reliable links between an individual's claimed identity and their real-world identity. As opposed to IAL2, these standards involve more stringent steps and processes for creating such links, for instance collecting additional evidence and employing more stringent verification processes, thus creating pseudonymity within a federated environment.
TrustSwiftly's NIST 800-63-4 IAL3 compliant solution, HYPR Affirm, employs chat, video, fingerprint comparison with liveness detection and document verification to provide high-assurance attestation and increased protection from highly scalable attacks such as SIM swapping or MFA bypassing. HYPR Affirm also prevents impersonation and synthetic identity by securely connecting biometric credentials with identity credentials; a malicious actor would need access to devices bearing the enrollee's face before successfully impersonating them.
FedRAMP
NIST 800-63 identity verification standards provide organizations with tools to accurately confirm an individual's real-world identity before providing digital access services to them. They rest on the belief that the greater the confidence placed in an individual's claim of identity, the lower the risk of fraud or theft of personal data. They accomplish this goal by setting assurance levels for authentication processes and authenticators.
The standard defines three levels of assurance, known as IALs, AALs, and FALs, along with the responsibilities of credential service providers (CSPs) and the processes for conveying user identity credentials, called assertions, to their relying parties (RPs).
Establishing an IAL3 solution involves employing the most rigorous identity verification measures available, such as document verification, facial recognition with liveness detection or cryptographic authentication for enhanced phishing resistance and man-in-the-middle protection. Integrators should submit evidence starting with their strongest proofing evidence until reaching IAL3. IDEMIA ID&V provides APIs that map SP 800-63A terms and levels to their ID&V counterparts, allowing integrators to directly reach FedRAMP High identity proofing through capture and comparison of strong reference evidence.
High Identity Proofing
NIST's Identity Guidelines offer businesses a framework for protecting digital services from identity fraud. The three levels of assurance are IAL (low), AAL (medium) and FAL (high). Users enrolled with FAL services must present superior-strength identity evidence that matches their claimed identities. FAL levels also mandate strong controls to limit highly scalable attacks such as replay of SMS OTPs, and to prevent synthetic identities from being created from compromised personal information.
TrustSwiftly helps organizations meet NIST 800-63-4 IAL3 compliance by offering an identity management platform with passwordless authentication and identity proofing for the employee lifecycle. It combines chat, video and facial recognition with liveness detection, document authentication and risk-based step-up reproofing to reinforce IALs, giving organizations both NIST SP 800-63-4 benefits and operational cost savings from reduced password resets. Powered by HYPR technology, this helps build stronger digital futures that protect employees and customers.