
As remote IT workers become more exposed to fraud, managing them becomes a critical priority. Organizations must move away from software-only onboarding practices toward physical root-of-trust systems that increase the trustworthiness of remote IT employees.
This modular approach aligns with a Zero Trust architecture, which requires constant, adaptive verification of user identity and device posture, and it also provides a basis of trust for identity assertions across online services.
IAL3 Compliance
NIST 800-63-4 is the latest edition of the Digital Identity Guidelines. It redefines assurance with modular lifecycle-management components that assess risk at each stage: identity proofing (IAL), authentication (AAL), and federation (FAL). Unlike rigid assurance models, this approach aligns more closely with modern security realities such as continuous authentication, adaptive risk assessment, and Zero Trust principles.
NIST 800-63-4 IAL3 compliance aims to verify that a claimed identity belongs to a real-world entity through remote or in-person identity proofing, to bind AAL-appropriate authenticators to the subscriber account, and to assert pseudonymous attributes to registered RPs so that the subscriber remains pseudonymous within the federated environment.
Relying parties (RPs) should lean on the CSP's PII minimization requirements by collecting only the attributes needed for a specific query or verification step; for example, requesting only the first digits of an age field lets the RP accurately verify the age and compare it more securely against whatever evidence exists about the claimant's age.
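The two ideas above, pseudonymous assertion to registered RPs and releasing only the attributes an RP actually needs, are easier to see in code. The following is an added example and not code from the original article or from any CSP product: a minimal CSP-side attribute-release policy that issues a pairwise pseudonymous subject identifier per registered RP and answers requests with derived attribute references (here `age_over_18`) instead of the raw birthdate. `SUBSCRIBER`, `RP_REGISTRY`, `CSP_PAIRWISE_KEY`, `DERIVED` and the function names are constructed for illustration, not NIST or vendor identifiers.

```python
"""Added example, not code from the original article: a minimal CSP-side
attribute-release policy that (1) issues a pairwise pseudonymous subject
identifier per registered RP and (2) releases derived attribute references
(such as age_over_18) instead of the raw attribute, so an RP only receives
what its registered use case needs. RP_REGISTRY, SUBSCRIBER, the key and all
function names are constructed for illustration, not NIST or vendor identifiers.
"""
import hashlib
import hmac
from datetime import date

# Constructed sample record held by the CSP after identity proofing.
SUBSCRIBER = {
    "subject_id": "sub-0001",
    "given_name": "Alex",
    "family_name": "Example",
    "birthdate": "1990-06-15",
}

# Constructed RP registry: the attributes each RP was registered to receive.
RP_REGISTRY = {
    "rp-age-gate": {"allowed": {"age_over_18"}},
    "rp-hr-onboard": {"allowed": {"given_name", "family_name", "age_over_18"}},
}

# Demo key only; a real CSP keeps this in an HSM or secrets manager.
CSP_PAIRWISE_KEY = b"constructed-demo-key-do-not-reuse"

# Attribute references the CSP can derive; everything else is a raw attribute.
DERIVED = {"age_over_18"}


def pairwise_id(subject_id: str, rp_id: str, key: bytes = CSP_PAIRWISE_KEY) -> str:
    """Per-RP pseudonymous identifier: stable for one RP, uncorrelatable across RPs."""
    msg = f"{subject_id}|{rp_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def derive_reference(name: str, record: dict, today: str) -> bool:
    """Compute a derived boolean without exposing the underlying value."""
    if name == "age_over_18":
        b = date.fromisoformat(record["birthdate"])
        t = date.fromisoformat(today)
        age = t.year - b.year - ((t.month, t.day) < (b.month, b.day))
        return age >= 18
    raise KeyError(f"no derivation rule for {name}")


def release_attributes(rp_id: str, requested, record: dict = SUBSCRIBER,
                       today: str = "") -> dict:
    """Build the assertion payload for an RP, enforcing its registered allowlist."""
    today = today or date.today().isoformat()
    rp = RP_REGISTRY.get(rp_id)
    if rp is None:
        raise PermissionError(f"unregistered RP: {rp_id}")
    over = set(requested) - rp["allowed"]
    if over:
        # Over-collection is refused outright rather than silently trimmed,
        # so a misconfigured RP shows up in CSP logs instead of leaking PII.
        raise PermissionError(f"RP {rp_id} is not registered for: {sorted(over)}")
    payload = {"sub": pairwise_id(record["subject_id"], rp_id)}
    for name in requested:
        payload[name] = (derive_reference(name, record, today) if name in DERIVED
                         else record[name])
    return payload


if __name__ == "__main__":
    print(release_attributes("rp-age-gate", ["age_over_18"], today="2024-01-01"))
```

The age-gate RP never sees the birthdate, only a boolean, and the same subscriber presents a different `sub` value to each RP, so two RPs cannot join their records on the identifier alone. A request for an attribute outside the RP's registration is rejected rather than trimmed, which makes over-collection visible to the CSP.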
FedRAMP
With NIST IAL3 identity proofing, you present multiple forms of verified ID to demonstrate unambiguously that you are who you say you are; it is the digital equivalent of showing up at the DMV with a driver's license, passport and fingerprints for validation. Your Third-Party Assessment Organization (3PAO) will audit this solution rigorously; any flaw could derail your FedRAMP certification process altogether.
Moderate Impact systems account for almost 80% of CSPs that receive FedRAMP authorization. These are systems where a loss of confidentiality, integrity, or availability could have serious adverse effects on agency operations, assets, and individuals, though not physically life-threatening ones.
Federal systems classified as High Impact hold some of the most sensitive civilian information, such as law enforcement databases, healthcare records and non-defense unclassified data. To secure such data effectively and monitor it continuously, this level requires strong security controls, including phishing-resistant MFA and cryptographic protections, together with continuous monitoring; certification also costs more and takes longer.
High Identity Proofing
The IAL3 identity verification assurance framework enumerates modular identity lifecycle standards for proofing, authentication and federation that ensure security and usability goals are met across the full range of assurance levels (IAL, AAL and FAL).
IAL2 is the recommended target level for most business use cases such as workforce onboarding or account opening; it requires a highly trained CSP representative to interact directly with the individual during an on-site, attended FedRAMP High identity proofing session and to gather several types of evidence (including biometrics) about them.
Authentication strength is ensured through database checks that cross-reference extracted identity data with authoritative sources like credit bureau header data; commercial identity graphs; specialty databases like OFAC watchlists, deceased records and synthetic identity indicators; as well as government records where available. Verification procedures also employ various techniques for assessing an individual's behavioral and social characteristics.
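The cross-referencing step described above is easier to reason about as a concrete decision function. The following is an added example and not code from the original article or any vendor: a toy verification pass that checks an extracted identity record against constructed stand-ins for a credit-bureau header, deceased records, a watchlist and an identity graph, and separates hard stops from flags that route the case to manual review. All source names, field names, identifiers, sample values and the `SYNTHETIC_NAME_THRESHOLD` figure are constructed assumptions; a real CSP queries licensed providers and applies fuzzy name matching, which this example omits.

```python
"""Added example, not code from the original article: a toy cross-referencing
pass of the kind the paragraph describes, run against constructed stand-ins for
credit-header, deceased, watchlist and identity-graph sources. All source names,
field names and sample values are constructed for illustration; a real CSP
queries licensed providers and applies fuzzy name matching, which this omits.
"""

# Constructed stand-in sources. Identifiers are placeholder strings.
SOURCES = {
    # credit-bureau header: identifier -> attributes on file
    "credit_header": {
        "ID-0001": {"family_name": "example", "birth_year": 1990},
        "ID-0002": {"family_name": "doe", "birth_year": 1985},
    },
    # identifiers reported as belonging to deceased persons
    "deceased": {"ID-0002"},
    # (family, given) pairs on a sanctions or watch list; exact match only here
    "watchlist": {("doe", "jane")},
    # identity graph: distinct surnames observed with one identifier
    "identity_graph": {
        "ID-0001": {"example"},
        "ID-0003": {"smith", "jones", "lee"},
    },
}

# Assumed demo threshold, not a NIST figure: an identifier seen with this many
# surnames is treated as a synthetic-identity indicator.
SYNTHETIC_NAME_THRESHOLD = 3


def normalize(name: str) -> str:
    """Lower-case and collapse whitespace so trivial formatting differences do not count."""
    return " ".join(name.lower().split())


def cross_reference(record: dict, sources: dict = SOURCES) -> dict:
    """Return {"status": verified|review|fail, "reasons": [...]} for one claimant.

    Hard stops (fail) are conditions an automated flow should never pass, such
    as an identifier in deceased records. Everything else is a flag that routes
    the case to manual review rather than an automatic rejection, because
    watchlist and header mismatches regularly produce false positives.
    """
    ident = record["identifier"]
    fam, giv = normalize(record["family_name"]), normalize(record["given_name"])
    fails, flags = [], []

    if ident in sources["deceased"]:
        fails.append("identifier appears in deceased records")

    if (fam, giv) in sources["watchlist"]:
        flags.append("name matches a watchlist entry; adjudicate manually")

    header = sources["credit_header"].get(ident)
    if header is None:
        flags.append("no credit header record for identifier (thin or new file)")
    else:
        if header["family_name"] != fam:
            flags.append("family name disagrees with credit header")
        if header["birth_year"] != record["birth_year"]:
            flags.append("birth year disagrees with credit header")

    linked = sources["identity_graph"].get(ident, set())
    if len(linked) >= SYNTHETIC_NAME_THRESHOLD:
        flags.append(f"identifier linked to {len(linked)} surnames (synthetic-identity indicator)")

    status = "fail" if fails else ("review" if flags else "verified")
    return {"status": status, "reasons": fails + flags}


if __name__ == "__main__":
    claimant = {"identifier": "ID-0003", "family_name": "Smith",
                "given_name": "Bob", "birth_year": 1980}
    print(cross_reference(claimant))
```

The point of keeping `fails` and `flags` separate is auditability: the proofing record shows exactly which source produced which finding, and a reviewer can see why a case was routed to them rather than receiving an opaque score.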