The IAL3 identity proofing process offers the highest level of assurance and requires in-person attendance. It is ideal for highly sensitive transactions such as accessing secure physical buildings. Additionally, its use helps limit sophisticated attacks like evidence falsification, theft and repudiation.

Identity verification involves using a robust method that compares evidence against those provided by applicants in person or remotely, to confirm who they really are. This can be accomplished using both remote and in-person verification techniques.

NIST IAL3 verification

NIST Digital Identity Guidelines provide essential requirements for comprehensive phishing-resistant authentication, secure federated identity management and strong identity proofing. With the final release of NIST 800-63A IAL3  in 2025 came a significant shift away from checklist-based requirements towards risk-based digital identity framework that prioritized strong authentication protocols against potential hacking attempts.

NIST IAL3 verification offers the highest degree of assurance that an online account holder's claimed identity matches up with their real world identity. This level of verification requires in-person meetings between an examiner and applicant in order to validate documents, biometrics, and other forms of evidence validation.

NIST 800-63A IAL3 provides several strategies and techniques for gathering evidence that supports an individual's claimed identity, such as fingerprints, photographs, driver's license/passport photos, driver's licenses or passports, social security cards, utility bills, medical records and many other physical/digital documents. NIST also specifies minimum verification strength requirements for each IAL; for instance IAL3 requires biometric comparison at SUPERIOR strength while an automated or human matching mechanism could compare key identity elements of captured or submitted evidence with that identified piece of verified evidence.

IAL3 identity proofing

Identity proofing and verification with IAL3 ensure the authenticity of physical documents that provide strong evidence of an individual's claimed identity, such as secure physical access or benefits eligibility checks. Although more intensive and costly than IAL2, they're necessary in protecting against fraud and identity theft.

Representing parties should minimize their requests from CSPs for attributes necessary to verify an applicant's identity with a given level of assurance, so as to minimize burden and mitigate potential privacy risks.

A successful process should balance security requirements with user friction. A seamless user experience will help to reduce password-related risks and encourage adoption of multi-factor authentication (MFA). Furthermore, testing processes with diverse users is vital to address accessibility and usability concerns.

IAL3 compliant solution

NIST digital identity guidelines stipulate IAL3 as their highest identity assurance level and require physical on-site attendance at a verification session to perform it. A hardware-backed authentication platform, high assurance document verification methods and biometric comparison are also needed in this level of verification process to authenticate claimed identities. Finally, it requires an experienced referee who makes risk-based decisions and handles exception handling when required.

Attaining IAL3 compliance can be both time and cost prohibitive for CSPs, given its requirement that an attendee must physically present during proofing process. Furthermore, this restriction limits CSP's audience participation because only people near verification site may take part.

TrustSwiftly's IAL3 compliant solution eliminates this challenge with an automated, secure and scalable remote proofing process that helps minimize security risks and cyber liability. The IAL3 identity proofing process employs document validation, facial recognition with liveness detection and strict oversight to ensure compliance.

TrustSwiftly’s IAL3 solution

TrustSwiftly's IAL3 solution meets NIST standards for the highest level of identity assurance. Combining document validation and biometric comparison with stringent oversight to prevent impersonation and fraud as well as to limit highly scalable attacks over time through evidence falsification, theft or repudiation, it reduces the risk of impersonation or fraud as well as to limit highly scalable attacks that may take place over time through evidence falsification, theft and repudiation.

The IAL3 process combines in-person proofing and remote verification and supports various verification methods, such as mobile apps and self-service kiosks in secure areas. Furthermore, step-up reproofing based on risk helps customers quickly scale to meet FedRAMP High compliance standards while simultaneously safeguarding against sophisticated fraud attempts.

To qualify for the bounty, participants must be able to successfully bypass Trust Swiftly's IAL3 process using advanced spoofing techniques and provide documentation of their approach. Reward amounts depend upon how successfully their approach worked: Grade A methods could result in winning up to $100,000 as prizes while non-Grade A ones will receive lower awards.