FAL 3 or Federation Assurance Level Three requires Holder-of-Key Assertion, signed by Identity Provider (IDP) and use of Encryption to Relying Party

FAL 3 requires the presentation of an additional Cryptographic Key bound to the assertion (e.g., the use of a cryptographic authenticator) along with all requirements of FAL 2. Note that the additional Cryptographic Key presented at FAL 3 need not be the same key used by the subscriber to authenticate to the Identity Provider (IDP)

More Information#

There might be more information for this subject on one of the following: