The IAL3 level requires in-person verification and strong biometric matching, making it ideal for high-stakes uses such as accessing secure locations or benefits eligibility checks. Unfortunately, this tier is also less accessible and demands more resources from CSPs.

The new guidance retains IAL, AAL, and FAL levels as independent options that agencies may select depending on business and security demands. Furthermore, it advocates phishing-resistant authentication methods like FIDO passkeys.

IAL3 identity proofing

The IAL3 identity proofing level is designed to defend against more sophisticated attacks, including fraud, theft, repudiation, and advanced social engineering tactics. A trained CSP representative must interact directly with applicants at an on-site attended identity proofing session and collect at least one biometric characteristic before issuing one or more authenticators associated with that IAL3 identity.

At NIST 800-63A IAL3, identities are confirmed through comparison of key identity elements to an evidence set (i.e., ID document or portrait). This process may be carried out remotely or directly and can utilize various capture mechanisms including biometrics, iris scans and facial capture technology.

An integrated platform for identity management, validation and verification is crucial to meeting IAL3 compliance. Such an environment must support modern identity proofing methods like mobile driver's licenses and syncable authenticators as well as providing an efficient framework for digital identity risk management (DIRM), including conducting regular evaluations of processes, identifying fraud indicators and mitigating user drop-off.

IAL3 compliant solution

IAL3 is an identity verification method that requires enrollees to be physically present during enrollment. It requires more resources and should only be used for high-stakes transactions; for instance, a business might use this process when providing secure building access or transferring money.

Top remote IAL3 enrollment solutions employ advanced liveness detection and face matching technologies to compare enrollee faces against the reference images in their identity documents, while simultaneously binding a comprehensive suite of biometric modalities to each identity credential to prevent SIM swaps or MFA bypass attempts.

An effective IAL3 solution should support the highest levels of NIST authentication assurance. This requires supporting NIST 800-63A IAL3: Authentication and Lifecycle Management, which outlines procedures for authenticating users at various Authenticator Assurance Levels (AAL) and Federation Assurance Levels (FAL), hardware-backed authenticators to guarantee maximum security, user-facing policies that balance security with usability and accessibility, etc.

NIST IAL3 verification

NIST has established Identity Assurance Levels (IALs) to indicate the strength of an identity verification. This tiered approach allows relying parties to assess whether an individual's claimed identity corresponds with his/her actual one; additionally, these IALs help build trust when using digital authentication for federated access.

Unlike IAL2, IAL3 requires physical presence, either directly or remotely supervised, during identity proofing sessions. The process itself is more stringent and involves a biometric comparison between the applicant's biometrics and the strongest form of identity evidence; additionally, headshot verification sources of truth must be established as part of this framework for authenticity and impersonation resistance.

Azure AD offers a comprehensive selection of authenticators, from multi-factor cryptographic hardware authenticators that meet NIST AAL 3 requirements to FIDO2 security keys, smartcards and Windows Hello for Business authentication methods that must all be FIPS 140 validated to satisfy these standards.

TrustSwiftly

NIST IAL3 verification is an effective form of identity proofing designed to reduce fraud and cybercrime risk. It uses resolution, validation and verification processes in conjunction with fraud detection to detect anomalous situations quickly; these processes aim to prevent sophisticated forms of attack against individuals or companies.


TrustSwiftly provides a secure IAL3 compliant solution, combining document verification, iris scanning, facial recognition with liveness detection and voice authentication into one supervised remote process that guarantees accuracy and security while providing a seamless user experience. With its unified processes and continuous monitoring capabilities, the system adapts easily to changing risks and use cases.

IAL3 non-biometric pathways circumvent biometric comparison while still mandating stringent chain-of-custody procedures and anti-spoofing protections. They're ideal for use cases that don't need high assurance levels, and they allow additional verifications such as device checks to be completed by trusted referees.