NIST SP 800-63-4 · Aligned identity assurance

Measurable identity assurance, per operation.

IEAL classification maps capture, algorithm, and storage to a composite assurance level. Vendor-neutral, standards-first, publicly specified.

Composable. Independent. Machine-verifiable.

Each axis scored independently, then composed into a single IEAL level a verifier can procure against. Full spec at spec.attestto.com/ieal.

Capture

Cryptographic attestation of the capture environment. Play Integrity, App Attest, hardware-bound keys. C0 (untrusted) through C2 (hardware-attested).

Algorithm

Presentation Attack Detection strength. Aligned with ISO/IEC 30107-3 and NIST 800-63A §3.13 (ProofBios). A0 through A4 (PAD L2 certified).

Storage

Where the subscriber-controlled witness resides. TPM, TEE, Secure Enclave, external hardware token. S0 through S4 (multi-party threshold recovery).

L0 to L6

A composite is only as strong as its weakest axis. The blue ramp indicates assurance intensity; it is a specification figure, not a CTA.

L0
L1
L2
L3
L4
L5
L6

L4 approximates NIST IAL2 with the Biometric verification pathway satisfied. L6 satisfies a subset of NIST IAL3 controls (excluding on-site attended proofing). See the NIST crosswalk for the detailed mapping.

Adaptive, vendor-neutral

Step up assurance only when the operation warrants it. Integrate any iBeta-certified PAD provider. No shadow vendor list.

Adaptive per-operation assurance

Step up to a higher IEAL only when the operation warrants it. A password reset is not a wire transfer. A view is not a signature.

Info. Assurance is requested per operation, not per session.

NIST 800-63-4 crosswalk

Vendor-neutral integration

Bring any iBeta-certified PAD provider. Attestto does not maintain a shadow vendor list. The public iBeta register is the authority. Vendor-neutrality is codified as §11 of the IEAL specification, and the SDK adapter pattern is open source.