NIST 800-63 Identity Assurance Mapping
Scope
This artifact explains how CAIRL's verification code system maps to NIST SP 800-63 identity proofing concepts for institutional review. Legacy tier names are included only as translations for older materials. This is not a federal certification, agency authorization, or blanket compliance claim.
NIST SP 800-63 separates identity proofing (IAL), authentication (AAL), and federation assertions (FAL). This page addresses only the identity proofing / enrollment assurance layer.
Executive Mapping
| CAIRL code | What CAIRL means | NIST IAL posture | External claim language |
|---|---|---|---|
| A-0Legacy: Stored | User-controlled secure storage without completed proofing. | Below IAL1 / not proofed. | A-0 evidence; no assurance claim. |
| A-ILegacy: Verified | Automated document or attribute checks support the claimed identity. | IAL1-aligned where evidence is validated and associated to the applicant. | A-I attributes; IAL1-aligned proofing posture. |
| A-IILegacy: Certified | Document validation, face match, liveness, fraud checks, and audit evidence complete successfully. | IAL2-aligned when required evidence, validation, verification, notice, records, and privacy controls are in force. | Designed to support IAL2-aligned remote identity proofing. |
| S-IILegacy: Authenticated | A-II proofing plus human review, escalation, virtual notary, in-person notary, or equivalent supervised review. | Higher-assurance workflow; IAL3 only by separate scoped engagement with physical-presence and trained-representative controls. | Human-reviewed proofing available; IAL3 requires separate scope. |
The legacy "Verified" tier name maps to A-I only as a historical translation. Current public assurance language should use the verification-code system and approved CAIRL trust-badge vocabulary.
IAL2-Aligned Checklist
Before CAIRL or a partner describes a workflow as IAL2-aligned, the relying-party use case, applicant notice, evidence quality, identity validation, liveness / association method, fraud review, audit trail, retention posture, and claim-minimization boundary must all be in scope.
Claim Guardrails
Approved public language is limited to scoped alignment:
- A-II workflows are designed to support IAL2-aligned remote identity proofing when scoped controls and relying-party requirements are in force.
- S-II workflows add human or supervised review; IAL3 is available only by separate scoped engagement.
- Legacy Stored, Verified, Certified, and Authenticated names may be used only as translations for A-0, A-I, A-II, and S-II.
CAIRL does not claim to be NIST certified. See the Trust Center for related artifacts.