Achieving NIST IAL3 verification—the highest assurance level for identity proofing—is not a matter of simply uploading a single ID. Unlike lower levels, NIST 800-63A IAL3 mandates a specific mathematical combination of identity evidence, categorized by “strength.” These requirements ensure that the person being verified is linked to their real-world identity with near-absolute cryptographic and biometric certainty.
For organizations utilizing Trust Swiftly, understanding these categories is the first step in designing an IAL3 compliant solution that meets federal and high-security audit requirements.
Understanding Identity Evidence Strength Categories
NIST classifies identity documents into three primary categories based on how they were issued and the security features they contain. For IAL3 identity proofing , the strength of the evidence is the foundation of the entire session.
Superior Evidence
Superior evidence is the “gold standard.” These documents are cryptographically signed by the issuing authority and contain embedded biometric data.
· Common Examples: U.S. Passports, Biometric Foreign Passports, and high-security travel credentials like Global Entry or NEXUS cards.
· Technical Role: These are validated by verifying the digital signature on the embedded NFC chip, which prevents tampering and confirms the document’s authenticity at the source.
Strong Evidence
Strong evidence is a high-quality government ID that includes a facial portrait and was issued following a rigorous identity proofing process, though it lacks the cryptographic signatures of superior evidence.
· Common Examples: REAL ID-compliant Driver’s Licenses, Enhanced Driver’s Licenses (EDL), U.S. Military IDs (CAC cards), and Permanent Resident Cards (Green Cards).
· Technical Role: These documents must be verified against an authoritative source, such as a DMV database or federal record, to ensure the ID is still valid and hasn’t been reported lost or stolen.
Fair Evidence
Fair evidence includes government-issued documents that prove a person’s existence but typically lack a photograph or biometric features.
· Common Examples: Social Security Cards, Birth Certificates, and older, non-REAL ID Driver’s Licenses.
· Technical Role: While never sufficient on their own for IAL3, they act as supporting documents to bolster the overall evidence profile.
Mandatory Evidence Combinations for IAL3
To reach the IAL3 threshold, NIST 800-63A requires one of three specific combinations. An IAL3 compliant solution must be configured to enforce these rules during the enrollment workflow.
· Option 1: Two pieces of Superior evidence. (e.g., A U.S. Passport and a Global Entry card).
· Option 2: One piece of Superior evidence AND one piece of Strong evidence. (e.g., A U.S. Passport and a REAL ID Driver’s License).
· Option 3: Two pieces of Strong evidence AND one piece of Fair evidence. (e.g., A REAL ID License, a Military ID, and a Birth Certificate).
By mandating these combinations, Trust Swiftly ensures that even if one document were compromised, the secondary and tertiary evidence provides the redundant verification necessary for high-assurance environments.
The Role of Biometric Binding and the Trusted Path
Simply possessing these documents is not enough to achieve IAL3. The process requires Identity Verification, which binds the physical person to the validated evidence.
During a supervised session—whether in person or via a Trust Swiftly Remote Kit—the authorized representative performs a biometric comparison. They compare the high-resolution “Source Photo” extracted from the NFC chip of a Superior document against a live facial scan of the applicant.
Because IAL3 requires a “Trusted Path,” this capture cannot happen on a user’s unmanaged smartphone. Trust Swiftly’s managed hardware ensures that the biometric data and the document scans are captured through secure sensors, preventing the injection of deepfakes or pre-recorded video into the verification stream.
Streamlining Your IAL3 Enrollment Workflow
For organizations moving toward FedRAMP High or other strict compliance frameworks, managing these document requirements is a massive hurdle. Trust Swiftly automates the logic, guiding users to provide the correct combination of IDs based on what they have available.
By utilizing NFC reading, automated authoritative source checks, and supervised remote sessions, Trust Swiftly turns a complex list of NIST requirements into a streamlined, digital-first experience. This allows your workforce to achieve NIST IAL3 verification from anywhere, without the need for expensive and slow travel to physical retail kiosks.
