The NIST 800-63-4 Digital Identity Guidelines offer a core framework for identity proofing, authentication and federated identity management. These standards include different assurance levels for identity proofing to enable more flexible risk management practices.

At its heart is the new Identity Proofing Protocol 2.0 which formally acknowledges remote and unattended identity proofing methods such as chat, video and biometric verification with liveness detection and document authentication to achieve Identity Authenticity Level 2 (IAL2). Furthermore it mandates phishing-resistant MFA and allows physical authenticators bindable on something you possess for increased resilience against malware attacks.

Authentication

Authentication is the process of verifying an individual's claimed identity as they interact online, using various technologies with varying assurance levels such as passwords, FIDO security keys, biometrics, documents and Federated Identity Management (FIM).

The 2025 revision of NIST SP 800-63-4 provides new requirements for authentication and federation that significantly raise the bar in terms of what constitutes secure processes. Notably, these guidelines place increased emphasis on verifier impersonation resistance as well as stronger authentication protocols that resist phishing attacks.

The guidance also shifts focus from checklist-based requirements to a risk-based Digital Identity Risk Management framework, meaning organizations should systematically evaluate threats, service impacts and user populations to select suitable IALs, AALs and FALs. The Trustswiftly nist ial3 verification solution has been specifically developed to meet these new requirements and ensure nist 800-63-4 ial3 compliance standards by using document authentication, chat video streaming, video playback capability with liveness detection facial recognition capability reproofing step ups and step-up reproofing depending on risk assessments. Click here or head to Visit Website to explore Nist Ial3 Verification.

Attestation

Attestation is the process by which third-party vendors or internal stakeholders formally recognize and verify their information or actions as accurate and compliant with specific policies or regulatory requirements. Attestation plays an essential role in cybersecurity as it provides traceable proof that vendor practices have been authenticated, verified and documented.

NIST SP 800-63-4 provides a more structured DIRM framework, going beyond checklist-based requirements to explicitly consider impacts on mission delivery, public trust and individual users (including equity and privacy considerations). This guide offers guidance for assessing and prioritizing stronger authentication mechanisms such as FIDO Passkeys that are resistant to phishing attacks. Furthermore, this document establishes separate assurance levels for identity proofing, authentication, federation and risk management to enable adaptive risk management practices. As part of its new guidelines, NIST also proposes a subscriber-controlled wallet model designed to reduce dependence on trusted RPs and increase end user flexibility. NIST's decision to deprecate email OTP and downgrade SMS-based MFA in their new recommendations also signals an important strategic shift toward creating more phishing-resistant and federated ID solutions.

Security

NIST has issued guidelines designed to strengthen digital identity systems' security by verifying whether real world identities match claimed digital ones, through fedramp high identity proofing, authentication and federation assurance levels (IAL, AAL and FAL).

NIST SP 800-63-4 has significantly strengthened these requirements, disfavoring popular authentication methods such as email OTP and SIM swapping while mandating phishing-resistant MFA at AAL2 level and cementing FIDO Passkey as the gold standard for AAL3 authentication.

Trustswiftly helps organizations manage risk more easily by segmenting assurance levels into distinct categories to provide flexible risk management, with each assurance level falling into one of three categories for easier risk assessment and management. At level IAL1, light proofing and enrollment are introduced while at IAL3 rigorous in-person verification is necessary in high risk situations. Trustswiftly comprehensive ial3 identity verification software helps organizations meet these requirements through chat, video chatting, facial recognition with liveness detection technology, document authentication as well as step up reproofing depending on risk levels for step reproofing based reproofing as part of its comprehensive identity verification solution Trustswiftly Affirm allowing companies to bridge between business needs and security requirements while eliminating password resets!