NIST 800-63-4 is the latest update to the Digital Identity Guidelines, outlining assurance levels for identity proofing, enrollment, authentication, and federation. This revision expands risk-based approaches, strengthens multi-factor authentication methods, and aligns security processes with contemporary usability expectations.
Trustswiftly's Zero Trust architecture will enable you to ensure full compliance with NIST 800-63-4. Leverage continuous assessment of user identity and device posture to make access decisions.
Verification
Fischer Identity offers a complete identity proofing and authentication solution that strikes a balance between strong security and easy onboarding for employees, students, contractors and customers. While other IAM vendors rushed to claim NIST 800-63-4 IAL3 compliance certification, Fischer has long been ahead of the game with processes that deliver rigorous authentication while creating a positive customer experience.
Identity proofing at IAL3 imposes more extensive evidence collection, verification, and validation requirements in order to protect against impersonation attacks. Furthermore, RPs must be able to assess whether self-asserted attributes are sufficient for their online service and evaluate the potential harm of accepting them.
The Non-Biometric Pathway is an identity proofing method available at IAL2 that does not rely on automated comparison between an applicant's biometric sample and the facial image on the supplied evidence. CSPs that deploy this pathway MUST document it and make that information available through assertions or API access. Doing so may reduce application rejections and increase user adoption by shortening the wait before applications can be approved.
Compliance
IAL3 introduces additional stringency into the identity proofing process by mandating that a trained CSP representative, known as a proofing agent, interact with the applicant during an in-person, attended IAL3 verification session and verify the applicant's identity through biometric comparison of a collected sample against the biometric information on the submitted evidence, so that only properly identified subscribers are enrolled in online services.
Organizations may experience different metrics depending on their technologies, architectures, deployment methods and program needs. Furthermore, each level of assurance may require evolving attack protections that should be evaluated on an ongoing basis.
Fischer Identity provides a secure, user-friendly experience that is flexible and scalable. We support a range of authentication assurance levels, AAL1 to AAL3, with cryptographic MFA (AAL2) or phishing-resistant authenticators (AAL3) depending on the needs of the user population. Furthermore, Fischer Identity uses joiner/mover/leaver workflows that ensure users are provisioned in the correct IAM systems without disrupting business operations.
Fedramp
FedRAMP is a federal program designed to assist organizations with verifying the security of cloud services. Similar to RMF, this process saves both time and resources by expediting adoption of cloud native platforms by organizations.
FedRAMP (Federal Risk and Authorization Management Program) is a set of standards cloud service providers (CSPs) must meet to be permitted to host federal data. It was created as part of FISMA, which mandates government agencies authorize information systems.
FedRAMP uses three impact levels established by NIST to certify cloud services: low (limited effect), medium (serious adverse effect) and high (catastrophic effect). Microsoft government cloud services such as Azure Government, Dynamics 365 Government and Office 365 U.S. Government have all been certified at the FedRAMP High level and therefore qualify to offer their services through the FedRAMP Marketplace. FedRAMP requires cloud service providers (CSPs) to continuously monitor their services to ensure they continue to meet program requirements.
High Identity Proofing
This edition of the Digital Identity Guidelines expands measures designed to mitigate errors during identity proofing, authentication, and federation functions. It introduces a new assurance level for verification processes; expands options for phishing-resistant authentication; and adds requirements preventing automated attacks on enrollment processes.
An online IAL3 identity verification service should assess its users to determine whether any identity proofing functions are needed and, if so, how the potential harms associated with accepting self-asserted attributes can be reduced. Where necessary, a CSP, verifier or IdP should be used to perform these functions.
Once these decisions have been reached, the RP selects an initial set of assurance levels and baseline controls based on the results of the risk evaluation as well as additional context. This step is known as tailoring; its result is a set of assurance levels tailored specifically to protect the systems in question.