Glossary / Identity Proofing
Identity Assurance Level (IAL)
Identity Assurance Level is a NIST 800-63 measure of how thoroughly a person's real-world identity was proofed before an account was issued, from self-asserted (IAL1) to in-person or equivalent verification (IAL3).
Also: IAL, IAL1, IAL2, IAL3
Identity Assurance Level describes how much confidence there is that an account belongs to the real person it claims, based on the proofing done at enrollment. It is one of three assurance scales in the NIST 800-63 digital identity guidelines, and it answers a different question from how the person later logs in.
The levels rise with rigor. IAL1 means the identity is self-asserted and not verified. IAL2 requires evidence of a real identity through remote or in-person proofing, the common bar for accounts that carry financial or regulated value. IAL3 adds verification by a trained operator or a tightly controlled equivalent, used where the stakes are highest.
In CIAM, IAL is the link between identity proofing and what an account is later allowed to do. A proofed account can carry a higher assurance level that unlocks higher-value actions without re-proofing, which is why the cleanliness of the handoff from the proofing step into the identity record matters. IAL is distinct from Authenticator Assurance Level, which measures the strength of the login rather than the proofing.
Sources
- NIST SP 800-63A, Digital Identity Guidelines: Enrollment and Identity Proofing: https://pages.nist.gov/800-63-3/sp800-63a.html
Related terms
Standards
- NIST SP 800-63A