NIST Special Publication 800-63 outlines technical requirements identity providers must abide by to guarantee reliable identification of individuals. It outlines three levels of assurance: IAL1, IAL2 and IAL3.
At this level, authentication tools must provide high assurance that they belong to and can be linked back to a specific subscriber account. This may be achieved either through in-person and/or remote enrollment – or alternatively, via supervised remote enrollment.
What is Trustswiftly?
Trustswiftly is a next generation nist ial3 verification solution, adapting to evolving fraud patterns through an innovative combination of remote and in-person authentication methods. Remote identity proofing offers real customers a more efficient and enjoyable experience while quickly and effectively detecting criminal actors. This platform employs 15 verification processes to safely approve legitimate online-commerce customers and prevent chargebacks while simultaneously blocking fraudulent attempts. Trust Swiftly uses various authentication techniques, including document verification (with support for thousands of global documents), biometric checks (facial recognition with liveness detection, fingerprint and voice scanning), as well as dynamic knowledge-based authentication.
Trust Swiftly integrates seamlessly with Stripe Radar to automatically route risky transactions for additional security reviews, offering pay-as-you-go pricing without lengthy contracts and robust verification methods that meet a range of use cases, from age verification for age restricted sales to fraud prevention on high value purchases.
NIST 800-63-4 IAL3 Compliance
The NIST 800-63-4 guidelines offer a foundation for digital identity management, providing guidelines to proofing, authenticate and manage federated identities. The assurance levels available range from one (IAL1) to three (3) which depict how rigorously an individual’s claimed identity must reflect their actual one.
IAL3 requires rigorous identity proofing procedures, from remote or in-person verification of reliable evidence to high levels of security protections that limit highly scalable attacks like phishing. Furthermore, this federation model mandates MFA which is resistant to phishing attacks as well as passwordless authentication protocols like FIDO Passkey to provide robust alternatives to password-based methods of authentication.
SP 800-63-4’s final release in 2025 elevates risk management through a structured DIRM (digital identity risk assessment) process, which considers enterprise and service impacts as well as individual users’ equity, privacy, and trust. Furthermore, this guidance clarifies responsibilities for CSPs while deprecating email OTP and significantly downgrading SMS-based MFA. Furthermore, this document advocates for phishing-resistant credentials such as mobile driver’s licenses or verifiable credentials for authentication.
Fedramp High Identity Proofing
fedramp high identity proofing is the strictest civilian security standard intended to safeguard unclassified Federal data. This standard mandates rigorous identity proofing, advanced phishing-resistant authentication and secure federated identities – standards which many agencies like Department of Justice and Department of Homeland Security use to protect sensitive information and systems.
Discover risks using a single platform that offers both low-friction verification for most users, as well as FedRAMP-aligned IAL3 proofing when needed. Document verification decisions, approvals and evidence in a way security and compliance teams can easily defend and audit.
Trust Swiftly’s ial3 identity verification software uses various forms of identity validation such as document checks, biometric analysis with liveness detection and SMS/voice confirmation to apply risk-based decision making across user populations. This reduces authentication costs while still meeting strong levels of security, usability and nist 800-63-4 ial3 compliance – something the right identity verification software should also do! KYC requirements must also be fulfilled; integrate with onboarding processes for enhanced verification as part of Know Your Customer (KYC).
Trustswiftly’s Identity Verification Software
The NIST Digital Identity Guidelines offer clear criteria on how to authenticate identities based on Assurance Levels (IALs). These levels measure the degree of certainty with which an online identity corresponds with real world identities; from IAL1 through IAL3 these levels require various degrees of verification.
SP 800-63-4 provides these assurance levels, which enable relying parties to confidently map their identity workflows against appropriate security and risk thresholds. SP 800-63-4 extends these Assurance Levels further by formal integrating FIDO device-bound passwords for federated assertions as well as requirements designed to limit highly scalable attacks like social engineering, SIM swapping and replaying.
Trustswiftly’s supervised remote identity verification services and the HYPR Affirm comprehensive identity verification platform directly support organizations in meeting NIST compliance by offering high assurance levels (specifically AAL3 and IAL2), eliminating password-based authentication methods, document verification (supporting thousands of global documents), biometric checks such as facial recognition with liveness detection, fingerprint, voice, as well as knowledge-based authentication as well as dynamic knowledge-based authentication.
