NIST 800-63-3 recasts assurance levels as risk-based metrics rather than rigid ordinals, encouraging agencies to identify specific business risks before choosing an assurance level(s).
SP 800-63-4 incorporates three levels of identity assurance; Individual Authorized Level, Authorized Authorised Level and Federated Authorised Level; while providing for remote identity proofing, requiring phishing-resistant methods like FIDO Passkeys and integrating self-controlled credentials into federated assertions.
IAL3 Compliant Solution
NIST Special Publication 800-63 guidelines outline how to verify and authenticate users, securely exchange identity attributes and manage phishing attacks and man-in-the-middle techniques. The fourth version (SP 800-63-4) maintains its core structure of IAL, AAL and FAL but modernizes them for stronger authentication protocols more resistant to phishing attacks and man-in-the-middle techniques – such as mandating antiphishing methods such as FIDO Passkeys to provide greater assurance levels and officially supporting remote identity proofing and remote identity proofing techniques.
NIST IAL3 verification requires an on-site attended IAL3 identity proofing session conducted by a trained CSP representative to collect at least one biometric characteristic from each verified user and securely link their account. After completion, each verified user receives an authenticator that can help prevent stand-in fraud as well as nonrepudiation in case of breach.
Acquiring FedRAMP High certification is of utmost importance for companies who want to sell services to the Federal Government. Failing to meet the required standards could put your FedRAMP certification at risk as well as put mission operations and customer trust at stake.
IAL3 Compliant Kiosks
NIST’s Identity Proofing Guidelines (IAL3) set an industry standard for verifying claimed real-world identities of people online and off. By employing chat, video, facial recognition with liveness detection, document verification and step-up reproofing based on risk, the comprehensive IAL3 process offers scalable protection from even sophisticated attacks.
Traditional proofing processes are costly and time-consuming; they don’t scale to remote workforces either. Trust Swiftly’s hardware-based IAL3 remote proofing solution meets NIST requirements while saving companies money, decreasing security risks, and satisfying auditors.
Although NIST 800-63A IAL3 has evolved since 2025, its basic structure of Identity Levels, Authentication Assurance Levels (AAL), and Federation Assurance Levels (FAL) remains central to modern digital identity practices. These guidelines promote extensive identity proofing, phishing-resistant authentication, cryptographic authenticators, as well as federated identity management that links identities across organizations enabling users to authenticate once then gain access to multiple organizations without further authentications.
IAL3 Compliant Agents
IAL3 builds upon the rigorous requirements of IAL2 by employing enhanced processes to validate evidence and confirm claimed identities with real-world identities, helping limit scaled attacks, fraud, and other risks while also protecting information or third party systems by preventing unlinked identities from gaining privileged credentials.
Instead of traditional in-person proofing, CSPs can perform IAL3 verification via remote or supervised remote interactions with applicants – enabling a solution to be deployed faster and more cost effectively.
NIST 800-63A IAL3 guidelines have recently changed in order to enable greater scalability by no longer mandating certain hardware requirements for IAL3 verification, giving organizations more freedom in meeting these requirements and meeting FedRAMP High compliance. Furthermore, this method also helps combat biometric forgery or fabrication as well as voice cloning or deepfakes which often bypass IAL2 protections; further reducing IT team workloads.
IAL3 Compliant Documents
IAL3 is the highest assurance level, and requires document validation, biometric comparison, direct oversight and a robust set of identity proofing steps to verify claimed digital identities with real people in order to protect users and relying parties against impersonation and fraud. This service typically occurs onsite and may require the presence of a verification agent.
NIST 800-63A IAL3 provides technical requirements for identity service providers that use digital authentication processes that are both highly secure and meet modern usability expectations. It places particular emphasis on verifying impersonation resistance while acknowledging the sophistication of phishing attacks.
Our scalable IAL3 compliant solution, TrustSwiftly , assists organizations in meeting NIST IAL3 compliance. HYPR Affirm utilizes chat, video and facial recognition with liveness detection alongside documents to quickly and securely verify identity in an efficient way. Moreover, it supports step-up reproofing based on risk levels to further protect organizations from sophisticated threats, helping reduce cyber liability while improving business results.
