Identity Proofing Guide: NIST IAL Levels and Digital Government Trust

The article explains identity proofing and why it is the trust layer for digital government services. Identity proofing verifies a person’s real-world identity before issuing a credential or granting access. Authentication happens later, at every login or session, using credentials created after proofing. It links the approach to NIST SP 800-63-4, which defines three Identity Assurance Levels (IALs). IAL1 has no identity proofing and relies on self-assertion for low-risk uses. IAL2 requires high-confidence identity proofing, typically using remote or in-person document checks plus liveness/biometric validation. IAL3 demands the highest assurance, including attended proofing and biometric binding, for high-risk scenarios such as critical infrastructure access or legally authoritative credentialing. The piece also compares common methods: in-person proofing (gold standard but less scalable), remote proofing (supports IAL2 at scale with document checks and selfie/liveness), and document-based proofing in both workflows. It stresses that agencies must start with a Digital Identity Risk Assessment to balance fraud impact against costs and accessibility barriers, and to consider downstream credential lifetime and which authoritative data sources can be queried. Overall, identity proofing is framed as a compliance and trust foundation for secure and inclusive digital services that align with NIST SP 800-63-4.