Socure recently achieved a milestone when the Kantara Initiative certified our identity verification and fraud risk platform for meeting National Institutes of Standards and Technology (NIST) Identity Assurance Level 2 (IAL2) requirements for federal agencies implementing high assurance digital identity services. That’s a big deal because it means that Socure’s platform has been independently validated as being compliant with federal government requirements. It’s a feather in our cap, indeed, but more importantly, it will significantly enhance how the federal government operationalizes identity verification for a wide range of its programs and services.
NIST Special Publication (SP) 800-63 addresses digital identity controls. The 800-63 guideline specifically lays out the identity verification requirements an organization must meet in order to do business with the federal government, and states the following within the specifics of IAL2:
“IAL2 allows for remote or in-person identity proofing. IAL2 supports a wide range of acceptable identity proofing techniques in order to increase user adoption, decrease false negatives (legitimate applicants that cannot successfully complete identity proofing), and detect to the best extent possible the presentation of fraudulent identities by a malicious applicant.” (Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf)
The goal of standards organizations is to ensure interoperability among disparate systems so they can operate seamlessly when connected. When those connections happen according to the framework established by a standard, the resulting outcome is a classic example of the whole being greater than the sum of its parts.
Think about the myriad things you connect and turn on, and the things that have to happen to make it all work. Downloading an audiobook to your smartphone and listening to it via your wireless earbuds requires a small library of requirements to ensure that standards for publishing, hardware, Bluetooth, and even copyright licensing, all Iine up in a seamless fashion so you can find out what happens when Jack Reacher walks into a new town with nothing but a satchel and a hankering to seek vengeance on a dirty lawyer. Incidentally, Jack Reacher doesn’t adhere to standards, but he’s an anomaly. Let’s move on.
Federal agencies will be able to use Socure’s identity verification platform to reduce fraud while automating the decisioning process for individuals applying for various services. To put it plainly, it means that federal agencies can provide the critical services to those in need, and they can do it rapidly, efficiently, and without the need for time-consuming activities like manual reviews.
Now it should also be stated that since the standard was first issued years ago, the attack vectors used by organized fraud rings and nation states have continued to evolve. Fraud is dynamic and like running water it will always seek to find the path of least resistance. Although Socure has met the standard under the current version of NIST SP 800-63, we recognize that the standard itself needs to be updated to reflect innovative technology concepts and approaches that will better enable the government to fight back against the persistent threat posed by malicious users.
Our goal at Socure is to work with agency leaders to bring our best-in-class identity verification and fraud risk service to reduce friction for citizens seeking government services. Our vision is to help these agencies deliver an experience where people can access benefits in seconds, not hours, days, or months. We look forward to you joining us for the journey as we set a new bar for digital identity verification in government.
If you have questions or want to learn how Socure can help you optimize your identity verification program, please contact us today.
Matt King is digital identity subject matter expert with 24+ years of experience in product governance, digital identity management frameworks, and cybersecurity policy & standards. Matt is a translator between technical, business, legal, and policy requirements who drives consensus and viable solutions that meet mission needs in complex and highly regulated environments. He provides executive leadership in identity management and cybersecurity having led major initiatives across the public and private sector.