Overview

Identity Assurance Level (IAL) is described in NIST.SP.800-63A as a category that conveys the degree of confidence (Assurance) that the applicant’s claimed identity is their real identity. (This is the definition of Authentication)
Identity Assurance Level describes the common pattern in which a subject (referred to as an applicant at this stage) undergoes an Identity Proofing and enrollment process in which their identity evidence and attributes are collected, uniquely resolved to a single identity within a given population or context, then validated and verified. A Credential Service Provider may then bind these attributes to an authenticator (described in NIST.SP.800-63B).
|IAL1||The Credential Service Provider (CSP) SHALL NOT proof applicants. Applicants MAY self-assert zero or more attributes to the Credential Service Provider. See NIST.SP.800-63A Section 4.3|
|IAL2||allows for remote or in-person Identity Proofing and supports a wide range of acceptable Identity Proofing techniques in order to increase user adoption, decrease false negatives (legitimate applicants that cannot successfully complete Identity Proofing), and detect to the best extent possible the presentation of fraudulent identities by a malicious applicant. A CSP MAY exceed these requirements. See NIST.SP.800-63A Section 4.4|
|IAL3||adds additional rigor to the steps required at IAL2, to include providing further evidence of superior strength, and is subjected to additional and specific processes, including the use of biometric data, to further protect the identity and Relying Party from impersonation, fraud, or other significantly harmful damages. In addition, Identity Proofing at IAL3 is performed in-person. See NIST.SP.800-63A Section 4.5 for more details. A CSP MAY exceed these requirements.|