Recent attacks by North Korean agents against defense contractors, which involved hijacking remote systems and exfiltrating ITAR-controlled technology, underscore the necessity of Identity Assurance Level 3 (IAL3) requirements. These requirements redefine identity assurance levels to reduce highly scalable attacks by mandating measures such as remote identity proofing services and hardware-anchored authenticators.

The Federation Assurance Level (FAL) will also be updated to protect against vulnerabilities like man-in-the-middle attacks, requiring organizations to update their workflows and adopt new technical integrations.

IAL3 Verification

IAL3 identity verification software ensures that claimants are who they claim to be by requiring proof of ownership and control over two authenticators bound to subscriber accounts via secure authentication protocols. It limits highly scalable attacks such as man-in-the-middle attacks and phishing, and further protects against synthetic identities.

NIST SP 800-63-4 marks an important change from checklist-based requirements towards risk-based Digital Identity Risk Management (DIRM). The new guidelines emphasize stronger authentication protocols that are less vulnerable to phishing attacks, and they provide a strict FAL framework to address vulnerabilities of federated login assertions that can be intercepted by attackers.

This framework introduces various identity verification levels that require greater assurance of claimed identities, using methods such as chat, video, facial recognition with liveness detection and document verification. By using solutions such as HYPR Affirm, organizations can meet IAL2 and NIST 800-63-4 IAL3 compliance across the full employee lifecycle, efficiently mitigating threats such as interview fraud, social engineering and password resets.

IAL3 Compliance

NIST's Digital Identity Guidelines define IALs as part of their Digital Authentication Guidelines, signifying how confident users can be that a claimed digital identity corresponds to an identifiable real-world person or thing. Users can utilize this tiered system to verify their identities for online transactions or for accessing resources in a federated environment.

SP 800-63-4 maintains the same core structure of IAL, AAL and FAL, but its requirements have been modernized to address new threats, user needs and solutions. One notable change is an increased emphasis on verifier impersonation resistance, in recognition of phishing attacks targeting relying parties: email OTP is deprecated, SMS-based authentication is downgraded, and phishing-resistant multifactor authentication such as FIDO2 passkeys is mandated to provide higher assurance levels.

Modern credentials such as mobile driver's licenses and verifiable identities offer a promising path forward for enterprises looking to increase security without creating additional friction. By mapping existing identity workflows to IAL, AAL and FAL definitions, they can ensure readiness for future updates while offering secure yet seamless user experiences.

IAL3 Identity Proofing

NIST SP 800-63-4 has updated IALs (identity assurance levels) to more accurately reflect how rigorously identity is verified: IAL1 offers minimal verification with self-asserted evidence; IAL2 provides moderate verification using validated documents or in-person NIST IAL3 verification; and IAL3 demands physical presence and biometric FedRAMP High identity proofing with biometric authentication, for maximum assurance. HYPR's advanced FIDO Certified passwordless authentication, robust phishing-resistant authentication and user-controlled wallets help organizations meet these criteria while reducing cyber liability insurance costs and minimizing threat surfaces with easy-to-use identity assurance solutions.

NIST 800-63-4 builds upon existing NIST guidelines by strengthening federation assurance levels with cryptographic binding in federated transactions and by formalizing subscriber-controlled wallets and verifiable credentials into its model of federated identity management. This provides increased data protection, privacy and user control over digital identities, as well as increased protection against phishing attacks, which is particularly pertinent given their increased prevalence today.

 

