The NIST 800-63-3 Digital Identity Guidelines introduce a risk-based framework with modular assurance components. Identity Ascription Laid Back (IAL) defines whether claimed identities correspond with real world existence; AAL governs authentication strength with emphasis placed upon phishing-resistant multi-factor authentication (MFA) and hardware authenticators; FAL ensures secure federation practices using encrypted and standards compliant assertion handling.
Modern identity management platforms such as HYPR meet these requirements with its continuous authentication and risk evaluation framework, providing full compliance with NIST 800-63-4 standards and Zero Trust principles. Fischer Identity customers can feel assured in adopting NIST 800-63-4 knowing their IAM platform already aligns to NIST 800-63-4’s requirements.
Verification
NIST has established Identity Assurance Levels (IALs), which measure the degree to which digital identities claimant correspond with real identities in reality. Attestation requires on-site attended, document-based and biometric proofing; this level of rigor is essential when dealing with high risk applications like healthcare services and security-critical transactions that demand complete assurance.
The IAL3 framework requires CSPs to verify applicant information against evidence presented, including document authentication (scanning for security features and verifying them against original source documents) as well as liveness detection to make sure that the person performing these procedures is actually the applicant.
HYPR Affirm, the FIDO Certified passwordless authentication and nist ial3 identity verification platform from HYPR, helps organizations meet IAL2 and nist 800-63-4 ial3 compliance by offering chat, video, facial recognition with liveness detection and document validation services. Not only do these strengthen IALs but they also eliminate costly passwords while decreasing cyber liability insurance costs while simultaneously decreasing attack surface area.
Compliance
IALs offer various levels of assurance that core attributes underlying claimed identities correspond with reality, including identity proofing and remote or in-person enrollment (See [SP800-63A]). At enrollment time, CSPs create subscriber accounts and link authenticators issued or provided by them (CSP-issued or subscriber provided), to this account; subscribers have an obligation to safeguard control over these authenticators in line with CSP policies for revoking them if lost or stolen (See [SP800-63A].]). [SP800-63A provides normative guidance and requirements regarding these IALs].]
At AAL3, authentication requires high confidence that the claimant controls authenticators tied to their subscriber account by employing secure authentication protocols and approved authenticator types.
Fedramp
FedRAMP creates an advantage for both federal agencies and CSPs by standardizing security assessment, authorization and continuous monitoring. It speeds the adoption of cloud technologies by eliminating redundant security assessments while giving assurance that CSPs adhere to established practices for security protection.
CSPs seeking FedRAMP Low approval will gain entry to the federal marketplace and serve as a stepping stone to Moderate or High impact levels, opening doors to growth across both federal and commercial markets. Experience, documentation and control implementation gained during Low can also be leveraged in other initiatives to reduce overall compliance efforts.
FedRAMP Low standards can also be utilized to satisfy requirements set by other frameworks like SOC 2, ISO 27001, and Cybersecurity Maturity Model Certification (CMMC), saving both time and money when conducting cybersecurity assessments for defense contractors serving DoD. In short, FedRAMP saves both time and money – something especially vital in today’s connected, interdependent, and vulnerable digital world.
High Identity Proofing
Ial3 identity verification software helps prevent fraud by verifying who the individuals claiming to be. It also serves as an integral element in meeting Know Your Customer (KYC) requirements for businesses that handle sensitive assets and data such as banks and healthcare providers.
An effective fedramp high identity proofing solution should help you identify potential customers by conducting checks against sanctions lists, enforcement databases and your own custom checks. This ensures compliance breaches don’t incur fines, while guaranteeing only genuine transactions happen between genuine customers.
Identity Proofing should be non-intrusive and effortless for users. This can be accomplished by integrating it with existing security and authentication processes or by offering convenient ways of proving identity such as self-asserted attributes or life history and biometric verification methods. Ideally, identity proofing solutions should support multiple assurance levels according to internal risk policies and can be deployed via federated models for deployment.
