NIST digital identity guidelines define IAL3 as their highest identity assurance level to safeguard against sophisticated attacks such as evidence falsification, theft and repudiation.
TrustSwiftly can assist organizations in meeting IAL3 requirements by offering an efficient proofing journey that includes chat, video, facial recognition with liveness detection and document authentication. This enables organizations to achieve FedRAMP high compliance while lowering cyber liability insurance premiums and operational expenses.
Document Authentication
NIST 800-63A IAL3 marked an important transition away from checklist-based requirements toward risk-based Digital Identity Risk Management (DIRM). Under this new approach, organizations must continuously evaluate threats, service impacts and user populations before selecting an IAL, AAL, FAL (and, for those needing higher assurance levels, also a Federation Engine).
IAL3 security level sets more stringent verification requirements for digital identities claimed online, including on-site attended identity proofing sessions with direct observation, verification of documents against authoritative sources, and biometric comparison with claimed attributes. This helps prevent impersonation or fraud by verifying whether those seeking to access an account actually own it under their claimed identities.
IAL3 also helps combat phishing-resistant authentication by explicitly supporting FIDO Passkeys and Subscriber-Controlled Attribute Wallets within the Federation model, both features which help reduce SIM swapping and MFA bypass attempts. Solutions which support both IAL3 and AAL2 offer flexibility when it comes to scaling up assurance level as needed based on threats or services being targeted.
Biometric Verification
Biometric verification employs unique physical traits or characteristics to uniquely identify an individual and confirm their identity. Unlike passwords, biometric information is nearly impossible to steal or falsify and thus makes for a powerful security solution and "know your customer" (KYC) compliance check tool. Biometrics can be used to authenticate facial features, voice patterns, fingerprints or handwriting as a form of verification.
Biometric data is captured and converted to digital templates by biometric systems for comparison and identification purposes. Matching an individual against these templates involves probabilistic calculations with margins for error; to minimise these false positives and negatives during enrollment and identification processes.
NIST 800-63A IAL3 keeps the three-tier model of IAL, AAL and FAL but adds requirements for cryptographic binding in federated transactions as well as remote identity proofing (IAL2) using mobile driver's licenses or verifiable credentials - KBV methods may also be utilized by this verification level to achieve fair, strong or superior verification strength levels.
Liveness Detection
Fraudsters who possess high-resolution images of an authorized user's face or fingerprints can bypass biometric authentication systems, so liveness detection has become an essential security component in modern identity-proofing processes.
Liveness detection determines if the biometric sample being provided is taken from an actual living person or is simply an imitation representation. This process can either be passively or actively conducted; passive systems look for natural motion in captured images while active methods require enrollees to perform specific actions that cannot be replicated easily by fakes, such as blinking or moving their mouth.
Liveness detection methods may be bypassed, but using multiple techniques at the same time can provide additional security against phishing attacks and bypasses. TrustSwiftly's IAL3 compliant solution uses remote yet supervised ID&V, biometric comparisons against digital identities claimed for identification and NIST 800-63A IAL3 verification to reduce impersonation, MFA bypasses and SIM swapping attempts.
Secure Connections
NIST 800-63A IAL3 - the last version before being replaced by 800-63-4 - marked an important shift from checklist-based requirements to risk-based Digital Identity Risk Management (DIRM) framework in 2025. Specifically, it provided criteria for selecting an appropriate Identity Assurance Level (IAL), Authentication Assurance Level (AAL) and Federation Assurance Level (FAL) to suit various use cases, populations and threat environments; clarified FAL standards by deprecating email OTP, downgrading SMS authentication using SMS; mandating phishing resistant MFA; and officially integrating FIDO Passkeys.
TrustSwiftly's FIDO Certified Passwordless Authentication and Identity Verification platform enables organizations to easily comply with NIST IAL3 verification guidelines by employing its IAL3 capabilities such as document authentication, biometric comparison, liveness detection, phishing resistance and cryptographic authentication. In addition, TrustSwiftly provides remote yet supervised IAL3 identity proofing using technologies like video-based biometric verification; fully recognized pathways that verify claimed identities at IAL3. Ultimately this allows CSPs leverage different strategies for meeting NIST requirements while fulfilling promises of secure connections that keeps promises made.