Risk-Based Alternative to Biometric Matching for
Verification Under Identity Assurance Level (IAL) 2

Agencies can adopt a risk-based alternative (RBA) to biometric matching through an approval process that justifies the need for an alternative to the NIST-prescribed IAL2 process and demonstrates comparability through analysis of solution performance.

This white paper provides federal agencies background information on establishing a RBA to biometric matching consistent with NIST Special Publication 800-63-3 Section 5.4 Risk Acceptance and Compensating Controls.

Key takeaways include:

• Clarifying what NIST says about strict adherence to 800-63 IAL2 requirements
• Carving out a path for adopting a risk-based alternative
• The Socure solution