The NIST (National Institute of Standards and Technology) Digital Identity Guidelines establish assurance levels for different aspects of digital identity:
- Identity Assurance Levels (IAL) focus on how confidently an organization can verify a person is who they claim to be during initial enrollment.
- Authenticator Assurance Levels (AAL) determine how securely users prove their identity during subsequent logins.
IAL and AAL work together as part of a layered security approach to protect digital identities and sensitive information in our increasingly online world.
These assurance levels are particularly important for organizations like Proof, which handles sensitive information and regulated transactions. This framework for appropriate security measures helps Proof meet compliance requirements in regulated industries, reduce fraud risk, and build user trust by demonstrating a commitment to protecting their information and transactions.
IAL2
Identity Assurance Level 2 (IAL2) is the middle of three levels of identity proofing and maintains a good balance of strong protection for your personal information and reasonable convenience for users. To be in compliance with IAL2, a platform must do both of the following:
- Validate a government-issued photo ID
- Confirm the authenticity of identifying information through record checks
Businesses, title agents, and lenders can choose IAL2-Compliant Identity Verification as one of three options when creating certain transactions. An IAL2-compliant identity verification transaction on the Proof platform includes:
Learn more about how to create an Identify transaction with IAL2 identity verification.
AAL2
AAL2 (Authenticator Assurance Level 2) is the middle of three levels on how users prove they are who they claim to be when they log in to their account. To be in compliance with AAL2, a platform is required to use multi-factor authentication (MFA). This means users must provide two different types of verification.
They must provide #1 and either #2 or #3 from the list below:
- Something they know (like a password)
- Something they have (like a security key)
- Something they are (like a fingerprint)
AAL2 significantly reduces the risk of account takeovers and unauthorized access compared to single-factor methods, making it essential for protecting valuable data and transactions.