
Trust Swiftly allows businesses to achieve FedRAMP High compliance remotely while meeting its stringent standards.
This efficient process combines light identity proofing (IAL1) with strong authentication and federation (AAL2 or higher) to minimize scaled attacks while protecting against basic evidence falsification, theft, or repudiation.
IAL3 Compliant Solution
Trust Swiftly provides the only hardware-based remote IAL3 verification solution designed to meet NIST requirements, save you money, and satisfy auditors. A robust IAL3 process also protects systems against sophisticated threats while safeguarding the access privileges of highly privileged accounts.
NIST Special Publication 800-63-4, published by NIST on May 11, 2016, provides new digital identity guidelines and introduces a modular risk-based framework comprising Identity Assurance Level (IAL), Authenticator Assurance Level (AAL) and Federation Assurance Level (FAL). This approach does away with email OTPs and significantly downgrades SMS-based authentication methods, reflecting an acknowledgement that such outdated mechanisms no longer offer effective protection against modern security threats.
For an IAL3 process to be effective, a trained agent must attend. Unfortunately, this in-person proofing process is both expensive and inconvenient, creating logistical obstacles for FedRAMP High and other compliance programs.
IAL3 Compliant Hardware
IAL3 demands an enhanced level of identity proofing, mapping and validating digital identities to real-life people. Unlike IAL2, this level requires in-person, or at least remotely monitored, identity proofing processes in order to prevent phishing attacks and other social engineering tactics. It also requires more stringent practices for collecting personal identification information, designed to verify claims and attributes in order to prevent impersonation, fraud or any significant damage that might occur as a result.
The fourth version of NIST’s guidelines (SP 800-63-4) maintains the tripartite assurance levels of IAL, AAL and FAL while modernizing requirements to take account of biometrics, identity wallets, FIDO security keys and other advanced authentication methods. Furthermore, AAL3 verification can now be more easily supported by allowing sessions to be transferred between devices for additional checks – an approach which reduces complexity and cost significantly.
An independent approach could take you as far as IAL3, but requires specialization in hardware, configuration, and physical security management. A managed solution that meets IAL3 compliance standards provides the easiest way to protect your systems against current threats while freeing you up for other business needs.
IAL3 Compliant Kiosks
NIST 800-63A IAL3 is moving away from checklist-based requirements, encouraging agencies to prioritize business risk and select assurance levels that help mitigate it. This new approach to assessing identity and authentication levels emphasizes stronger, phishing-resistant protocols while supporting more users.
IAL2 requires that an applicant’s claimed digital identity be mapped and validated against their unique real-world identity, through on-site or remote identity proofing processes. This level of assurance aims to prevent more sophisticated attacks such as evidence falsification, theft and repudiation.
Trust Swiftly provides an innovative solution to meet the IAL2 standards. Our kiosks can be equipped with apps or connected live to agents via MDM for verification purposes, providing additional verification beyond what is required for IAL2. This allows your team to easily implement an affordable yet scalable IAL3 proofing process which offers improved user experiences and lower operational costs while meeting the security needs of your organization.
IAL3 Compliant Agents
The NIST IAL3 verification guidelines establish three levels of assurance – IAL1, IAL2 and IAL3. The highest level, IAL3, requires physical presence by an examiner, which may not always be viable or cost-effective for some businesses. Trust Swiftly’s remote hardware-based IAL3 solution offers a more feasible and cost-effective alternative that provides equivalent peace of mind.
Under IAL3, a trained CSP representative must interact with an applicant and verify his or her real-world existence, often through biometrics. Once this verification is complete, the CSP enrolls the applicant into a subscriber account with one or more authenticators that are tied exclusively to that account. This is designed to prevent more advanced attacks such as evidence falsification, theft and repudiation while safeguarding against spoofing attacks.
Kiosks that comply with IAL3 can be constructed using a central agent, such as an assistant or security guard, who will assist the person through the entire IAL3 proofing process. This method allows much cheaper and quicker deployment of solutions using full self-service kiosks.