This document includes requirements that address enrollment and identity proofing at various Authenticator Assurance Levels (AAL), including using federated identities or assertions.
At IAL1 Identity Proofing processes must link claimed identities with real world ones and verify this relationship remains stable; this can be accomplished either in-person or through remotely supervised identity proofing processes.
TrustSwiftly is NIST 800-63A compliant
IAL3 is the highest level of identity verification and requires an on-site attended interaction with a CSP representative. Its purpose is to protect against highly scalable attacks while mitigating more advanced evidence falsification, theft and repudiation techniques. IAL3 requires physical interaction with a live person to review documents and compare biometrics. This process is costly and time consuming; social engineering techniques may provide an easier solution than being physically present for this examination; ultimately increasing costs for CSP and RP.
Trust Swiftly’s scalable solution meets these NIST requirements and supports multiple pathways to IAL3, so CSPs can select an approach tailored specifically to their use cases, populations and threat environments – IAL3 compliant solution helps customize digital processes while meeting modern usability expectations – something no single solution could ever do alone.
TrustSwiftly is IAL3 compliant
IAL3 provides the highest level of assurance by mandating an on-site attended identity proofing session, in which a CSP representative interacts directly with an applicant through kiosk or device and collects biometric characteristics from them. Furthermore, this level requires strict processes and procedures for handling exceptions when attributes do not match those claimed by them.
At this level of assurance, while CSPs incur high costs and limit their ability to scale, it provides excellent protection against sophisticated attacks like spoofing, liveness detection and rigorous chain-of-custody procedures. Furthermore, this holistic approach to security incorporates continuous risk monitoring.
Recently, meeting the criteria of IAL3 compliance required flying around a team of employees with special access privileges across the country for proofing sessions – an approach which proved both costly and infeasible in companies with distributed workforces, not to mention logistical nightmares that caused projects to run slower and decreased productivity. TrustSwiftly now offers an affordable NIST IAL3 verification service which meets IAL3 requirements; their verification services ensure compliance and reduce risk.
TrustSwiftly is IAL3 ready
FedRAMP High offers three levels of identity assurance: IAL3 is the highest tier available and requires rigorous checks to validate that an individual is who they claim they are – essential for secure online services that require access to sensitive data as well as protecting against advanced attacks such as evidence falsification, theft or repudiation.
Contrary to IAL1, which can be verified remotely, IAL3 requires an in-person attended IAL3 identity proofing process, or at the very least enhanced methods like document and biometric comparisons. Onsite attendance can be achieved either through co-locating with CSP representative at the session via co-located kiosk or device or attending remotely through remote supervised kiosk or device.
In addition to requiring an onsite attendee, IAL3 requires authenticators be linked with each verified identity in order to reduce stand-in fraud by associating credentials with real people. This process has typically involved flying employees in for proofing sessions – which is costly, inconvenient and creates compliance bottlenecks which can easily be socially engineered around.
TrustSwiftly is IAL3 affordable
NIST offers three levels of identity assurance. At its highest level, IAL3 requires an on-site attended identity proofing session with a trained CSP representative to collect at least one biometric characteristic and enroll a person into a subscriber account with at least one authenticator tied to their verified identity.
This requirement limits how many individuals you can verify while also increasing the costs associated with supply chain management, hardware configuration and physical security auditing. A full NIST 800-63A IAL3 process would present logistical nightmares to any business with a remote-first culture.
One potential solution would be for an employee with expertise in identity proofing to travel to each location and perform sessions for IAL3. While this option may be expensive and time consuming, allowing your distributed workforce to stay compliant could prove costly and inflexible. Trust Swiftly’s supervised remote identity proofing offers much cheaper and more efficient alternative by combining automated verification methods with human oversight for evidence capture and handling any issues as needed; its adaptable security measures feature facial recognition with liveness detection, fingerprint and voice biometrics as additional augmentations for complete compliance.
