noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Sirius XM Holdings Inc.

Listen Live: Joe Biden Addresses UN Leaders
The Office of the Governor of the[...]

September 15 21, 2024 National Truck Driver Appreciation Week
Comcast Corporation

Rogers Communications Deploys Comcast’s Access Network Architecture to[...]

Finance

Mitek Systems Inc.

09/24/2024 | News release | Distributed by Public on 09/24/2024 12:08

Understanding NIST’s Identity Assurance Levels (IALs)

September 24, 2024 by Adam Bacia

In today's digital world, verifying someone's identity online has become both a necessity and a challenge. As businesses, government agencies, and organizations increasingly shift to digital platforms, they must ensure that the people accessing these services are who they claim to be. This process, called identity proofing, can be complex, especially when remote or digital verification is involved.

The National Institute of Standards and Technology (NIST) has established guidelines to standardize how identity verification should be conducted. These guidelines, outlined in NIST's SP 800-63 series, introduce the concept of Identity Assurance Levels (IALs). Mitek, a leader in identity verification, helps businesses meet these rigorous standards, ensuring that their identity proofing processes are secure, reliable, and compliant with NIST's requirements.

What are NIST's Identity Assurance Levels (IALs)?

NIST's Identity Assurance Levels (IALs)provide a framework to assess the strength and reliability of an identity proofing process. Said differently, they provide a standard companies can follow to establish, with a high degree of confidence, that someone is who they claim to be.

There are 3 Identity Assurance Levels established in the NIST guidelines, and each IAL represents a different level of confidence that an individual's digital identity accurately reflects their real-world identity. The three levels allow organizations to choose the appropriate level of identity proofing based on their risk tolerance for the service being accessed.

Here's a breakdown of the IALs:

IAL1: At this level, there is no need to link the digital identity to a real-world identity. Attributes provided (such as name or email) are self-asserted, meaning the user provides them without verification. This level is suitable for low-risk services where identity verification is not crucial.
IAL2: At IAL2, identity verification becomes more stringent. Evidence must be collected to support the existence of the claimed real-world identity, and the verification process requires remote or in-person proofing. This is where Mitek's solutions shine-Mitek helps businesses verify documents and match them to biometrics (via facial recognition) to ensure a high degree of confidence that the digital identity is legitimate.
IAL3: This is the highest level of identity assurance, often requiring physical presence or specialized hardware (if appearing remotely) for identity proofing. Specific levels of evidence are required and biometrics are mandatory. IAL3 is reserved for high-risk environments such as sensitive government services.

How Mitek Helps Organizations Meet NIST IAL2 Standards

Mitek's advanced identity verification technologies are designed to support organizations in meeting IAL2 standards, which require strong evidence of a user's real-world identity. Here's how Mitek supports compliance with NIST IAL2:

Information Gathering: Mitek's Verified Identity Platform (MiVIP) allows organizations to tailor the evidence capture process to their specific needs. From basic personal information (like name, address, and date of birth) to adding additional attachments (like certifications or proof of address), to customizing questionnaires for any data requirement, MiVIP provides fully customizable workflows.
Document Authentication: Mitek's platform allows users to scan government-issued identity documents, such as passports or driver's licenses. The system then verifies the legitimacy of these documents, checking for security features and cross-referencing trusted databases.
Biometric Verification: Alongside document verification, IAL2 requires biometric checks for remote proofing, to ensure that the person submitting the document is the legitimate owner. Mitek's AI-driven technology compares a live image of the user with the photo on the submitted document, ensuring that they match.

Flexibility in Identity Solutions

NIST's guidelines don't require businesses to adopt a one-size-fits-all solution. In fact, the guidelines are flexible, enabling businesses to mix and match different identity proofing, authentication, and federation components to suit their specific needs. With Mitek's Verified Identity Platform, businesses can tailor their identity proofing to any requirement while aligning with the appropriate NIST standard to meet their specific use case, and ultimately safeguard their services from identity fraud.

For organizations looking to enhance their identity verification systems, Mitek offers scalable, secure, and NIST-compliant solutions that can be tailored to meet your specific needs. Let Mitek help you stay ahead of the curve in the ever-evolving world of digital identity.

Want more information on how to address your specific use case, while meeting NIST's standards?

Explore more here

About Adam Bacia

Adam is Senior Director of Product Marketing at Mitek.

Sharing and Personal Tools

Please select the service you want to use: