Skip to main content

NIST SP 800-63A-4 IAL3 Proofing for Distributed Teams

A FedRAMP High aligned deployment model for high-risk users, contractors, and privileged access. Ship Remote Kits to distributed workforces or deploy office kiosks to capture controlled, review-ready identity evidence.

Need to validate the workflow? Request a pilot kit.

Federal agency or contractor buyer? See the federal identity proofing page.

Hybrid NIST 800-63A IAL3 Verification Solution featuring both Remote Kits and On-Premise Kiosks

3PAO-Ready Evidence Package

Built for review, not screenshots. Capture chain-of-custody records, session metadata, document evidence, and operator actions in one package your security team can map to IAL3 controls.

Enterprise Security Posture

Support regulated deployment requirements with documented controls, external security attestations, and configurable evidence retention.

Designed for High-Risk Populations

Use stronger proofing for remote workers, privileged users, sensitive contractors, and applicants whose risk profile calls for more than standard KYC.

The Enterprise Deployment Path for High Assurance

Coordinate hardware, proofing sessions, evidence capture, and reviewer access from one platform.
Your team gains defensible identity assurance without building a bespoke proofing operation.

Managed Logistics

Coordinate shipping, tracking, return flows, and device readiness so distributed users can complete high-assurance proofing without travel-heavy scheduling.

Cryptographic Certainty

Go beyond visual inspection with hardware-assisted capture, liveness checks, face-to-document comparison, and NFC chip validation where supported.

FedRAMP High Aligned

Support FedRAMP High (Class D) and other regulated environments with evidence packages, retention controls, and deployment patterns that security reviewers can inspect.

Scale or Segment: Two Ways to Deploy IAL3 Proofing

Choose the proofing model that matches your population, risk tier, and security boundary.

Shipped Remote Identity Verification Kit for Supervised Remote In-Person Proofing (SRIP)

For Distributed Teams and Remote Hires

Use managed controlled hardware for attended proofing of rural, remote, or work-from-home users across the United States.

  • Step 1: Secure Chain of Custody. We track and mail the cryptographically secured kit directly to the verified individual.
  • Step 2: Verify. User joins a <15 min supervised video session from home.
  • Step 3: Return. User applies the prepaid label and drops it off.
Discuss Remote Kit Rollout
On-Premise Identity Verification Kiosk for High-Volume FedRAMP High Onboarding

For HQ and High-Volume Sites

Turn your private rooms or a designated office into a verification center. Ideal for onboarding cohorts, SCIF access, and hybrid employees.

  • Rapid Throughput: Verify large user groups each day with an on-site deployment.
  • Flexible Hardware: Choose "Fixed" (bolt-down) or "Portable" (lock-away) units.
  • Network Isolation: Operates on guest Wi-Fi/5G, air-gapped from your corporate network.
Discuss Kiosk Rollout

A More Defensible Model for IAL3 Identity Proofing

Compare travel-heavy enrollment with a controlled, hybrid proofing workflow built for distributed enterprises.

Capability Traditional Methods (Manual/Travel) Trust Swiftly (Controlled Hybrid)
Deployment Speed Weeks (Schedule travel/appointments) Days (Overnight shipping / On-site)
Geographic Coverage Limited to major cities Remote-kit and kiosk coverage across the United States
Cost Structure Unpredictable (Fee + Travel Stipends + Lost Hours) Flat & All-Inclusive (Hardware + Logistics + Service)
Data Security Public environments / Retail stores Hardware-Anchored Trusted Path
Verification Tech Manual Review / Basic Scanning NFC Cryptography + Liveness Detection
Audit Trail Paper-based / Disconnected Centralized, tamper-evident evidence records
NIST 800-63A Status Difficult to Audit/Manual Hardware-controlled evidence workflow

Why BYOD-Only Proofing Creates IAL3 Audit Risk

NIST SP 800-63A-4 raises the control bar: IAL3 proofing requires attended proofing and a defensible capture environment.


When the user controls the phone, webcam, operating system, or camera feed, security teams have a harder time defending the chain of custody. Controlled hardware helps reduce injection, replay, and deepfake risk.

The Uncontrolled Device Gap

Software-only flows are harder to defend against virtual camera injection, replayed media, and device tampering when the applicant controls the endpoint.

The Controlled Capture Path

A controlled capture path gives reviewers stronger evidence of device custody, session integrity, operator supervision, and document authenticity.

Cryptographic NFC ePassport Verification and Biometric Match via Trusted Hardware

Frequently Asked Questions

NIST SP 800-63A-4 allows IAL3 attended proofing where the proofing agent may be remote if the session uses a CSP-controlled kiosk or device. Trust Swiftly supports that model with controlled hardware, supervised sessions, chain-of-custody records, and evidence your security team can review with its assessor.
Absolutely. Most enterprise clients use Kiosks for HQ staff and Remote Kits for distributed workers. All data flows into a single dashboard for unified auditing.
We support alternative pathways including Real ID Driver's License + Secondary Strong Evidence (like a Permanent Residence Card), fully automated via our guided agent session.
We handle the software and security remotely via our management technology. You designate an on-site "Custodian" (like an Office Manager) to ensure physical safety and power. Temporary setups also are available to avoid management on-site.
Trust Swiftly can reduce total operational burden by removing travel-heavy appointments, mileage coordination, and fragmented evidence collection.

We offer a predictable deployment model that can cover hardware, logistics, and the supervised session so teams can compare full program cost instead of only per-check fees.
Under NIST 800-63A rev 4, IAL3 carries the same evidence threshold as IAL2: one piece of SUPERIOR evidence, or two pieces of STRONG evidence, or one STRONG plus one FAIR. A SUPERIOR document such as an NFC ePassport satisfies the bar on its own, while a Real ID driver's license paired with a second strong document also qualifies. What elevates the process to IAL3 is the attended, supervised proofing session and mandatory biometric retention. Knowledge-based verification is not accepted as proofing evidence.
Once the supervised IAL3 proofing session confirms the person, we bind a phishing-resistant hardware authenticator to the verified identity. This anchors every future login to the same cryptographic key, so authentication reaches AAL3 and the verified identity cannot be reused or replayed by someone else. The binding happens inside the same trusted session, keeping the chain of custody intact from proofing through ongoing access.

Review the IAL3 Operating Model in Depth

See the best-practice case for zero-travel kits, global coverage, in-office deployment, approved-location proofing, and recurring re-verification for proxy-employee risk.

Modernize Your FedRAMP High Strategy

Not ready for a full rollout? Start with a pilot program and test remote kits with your compliance and security stakeholders.