Identity Assurance Level


Identity Assurance Level (IAL) is described in NIST.SP.800-63A as a category that conveys the degree of confidence (Assurance) that the applicant’s claimed identity is their real identity. (This is the definition of Authentication)

Identity Assurance Level is a Level Of Assurance measurement Identity Proofing

Identity Assurance Level describes the common pattern in which a subject, referred to as an applicant During the Credential Enrollment, which undergoes an Identity Proofing and enrollment process in which the evidence and Identity Attributes are collected, uniquely resolved to a single identity within a given population or context, then validated and verified. A Credential Service Provider may then bind these attributes to an authenticator at a specified Identity Assurance Level as described in NIST.SP.800-63B.

Identity Assurance Level as defined within NIST.SP.800-63A is lengthy and a bit complex. We provide only a short summary for and overview.

Identity Assurance Level may be used in Risk Assessment parameters that determine Magnitude of the Potential loss

IAL1The Credential Service Provider (CSP) SHALL NOT proof applicants. Applicants MAY self-assert zero or more attributes to the Credential Service Provider. See NIST.SP.800-63A Section 4.3
IAL2allows for remote or in-person Identity Proofing and supports a wide range of acceptable Identity Proofing techniques in order to increase user adoption, decrease false negatives (legitimate applicants that cannot successfully complete Identity Proofing), and detect to the best extent possible the presentation of fraudulent identities by a malicious applicant. A CSP MAY exceed these requirements. See NIST.SP.800-63A Section 4.4
IAL3 adds additional rigor to the steps required at IAL2, to include providing further evidence of superior strength, and is subjected to additional and specific processes, including the use of biometric data, to further protect the identity and Relying Party from impersonation, fraud, or other significantly harmful damages. In addition, Identity Proofing at IAL3 is performed in-person. See NIST.SP.800-63A Section 4.5 for more details. A CSP MAY exceed these requirements.

Trust Elevation#

Required increases in Identity Assurance Level is typically referred to as Trust Elevation

More Information#

There might be more information for this subject on one of the following: