Frequently Asked Questions
Find answers to common questions about our products, services, pricing, and support.
Why NextgenID?
NextgenID is the world's only Kantara Initiative-certified IAL3 solution, combining patented technology, high-assurance identity proofing, and credential management to support government and commercial clients.
NextgenID holds 24+ patents covering biometrics, secure proofing, and credential workflows, enabling faster, safer, and more scalable identity verification than traditional approaches.
Yes. NextgenID's solutions support HSPD-12 / PIV / PIV-I programs, FedRAMP High systems, and commercial enterprises with distributed workforces needing IAL3-level identity assurance.
We minimize PII retention during proofing, secure credential data throughout its lifecycle, and implement rigorous technical and operational controls aligned with FIPS, NIST, and FedRAMP standards.
NextgenID holds Kantara Initiative IAL3 certification and FBI Criminal Justice Information Services (CJIS) certification, and is in progress for a FedRAMP High Agency ATO.
Independent certifications validate the security of the biometric capture process, identity verification workflow, and cloud environment, significantly lowering operational, compliance, and fraud risk for organizations relying on high-assurance identity proofing.
Foundations & Scope
Confidently knowing who you're dealing with, so you can issue credentials, grant access, prevent fraud, meet compliance, and deliver services without face-to-face interactions.
Identity proofing establishes who a person is, at the time of onboarding, using documents, biometrics, and authoritative data. Identity verification confirms it's the same individual later when accessing a system, performing a transaction, or updating credentials.
Proofing establishes trust. Then, a credential, physical or digital, is issued, bound to that identity, maintained, rotated, and eventually revoked.
Identity Assurance Level 3 (IAL3 / Onsite Attended)
IAL3, also called Onsite Attended, is the highest level of identity proofing under NIST SP 800-63-3/4. It requires multiple identity documents, biometric collection, and verification of core attributes, including at least one government identifier.
A trained proofing agent supervises the session. It can be delivered colocated, with the applicant and agent in the same location, or remotely using a secure, supervised session.
Applicants must provide a combination of FAIR, STRONG, or SUPERIOR evidence. Core attributes are collected and verified, and biometrics are captured to ensure account recovery, non-repudiation, and that the same individual is present during proofing and credential issuance.
Agents confirm the applicant's ownership of the strongest evidence through facial comparison, biometric verification, or authentication to a secure device. Evidence and attributes are validated against authoritative sources or digitally signed documents.
Sessions occur in secure facilities or via protected remote connections. Devices are safeguarded from tampering or malware, and agents are trained to detect manipulation, coercion, or social engineering. Sessions may be recorded for fraud prevention with applicant consent.
IAL2 allows remote, automated evidence checks; IAL3 requires supervised capture (in-person or supervised remote), stronger evidence, and biometric binding per NIST.
Human supervision and vendor-controlled hardware raise capture integrity, detect subtle fraud, and provide an auditable chain of custody, making IAL3 comparable to in-person proofing.
PresenceID
PresenceID is NextgenID's nationwide network and platform (kiosks, mobile stations, and remote agents) for supervised, high-assurance identity proofing and credentialing (IAL3).
Unlike selfie+ID KYC, PresenceID uses vendor-controlled hardware + trained agents, multimodal biometrics, and credential issuance workflows built for IAL3 and government standards.
Via REST APIs, webhooks, and standard connectors (SCIM, SAML/OIDC/JWT) to trigger enrollments, return assertions, and provision credentials.
HR sponsors an employee → employee completes pre-enrollment and receives a QR code → employee goes to a USPS PresenceID kiosk → remote/onsite agent verifies documents & biometrics → NextgenID issues a provisioning token or assertion to the employer.
Onsite Attended Identity Proofing (formerly Supervised Remote Identity Proofing – SRIP)
Onsite Attended is NIST SP 800-63-4's term for high-assurance IAL3 identity proofing conducted under the supervision of a trained agent. It includes traditional in-person proofing as well as the method formerly known as Supervised Remote Identity Proofing (SRIP). Sessions can be conducted with a colocated agent or via a kiosk with a remote agent, providing the same high-assurance standards in either scenario.
A trained agent supervises identity document verification, biometric capture, and attribute validation.
- In traditional in-person sessions, the agent is physically present with the applicant.
- In kiosk-based sessions, the agent supervises remotely via secure video, and the kiosk ensures all devices are fully integrated and protected against tampering, malware, or unauthorized access.
Onsite Attended is the only approved method for IAL3 high-assurance proofing, ensuring strict compliance with NIST SP 800-63-4 requirements.
NextgenID's kiosks allow organizations to use either colocated agents (acting like a traditional in-person session) or remote agents, providing operational flexibility while maintaining high-assurance IAL3 proofing standards.
- Fully secured, tamper-resistant devices
- Reduced onsite staff requirements
- Faster processing and shorter wait times
- Extended operational hours
- Broad language coverage
- Consistent high-assurance proofing quality across multiple sites
PresenceID Network
The PresenceID Network is NextgenID's nationwide network of enrollment locations equipped to perform Onsite Attended IAL3 identity proofing using NextgenID kiosks and systems.
Yes. PresenceID locations are distributed across the United States, enabling applicants to travel to a convenient site rather than a central enrollment office. Network locations are deployed across:
- U.S. Postal Service (USPS) locations
- Federal buildings
- Commercial sites
Many USPS sites have 24-hour lobby access, meaning applicants can complete kiosk-based enrollment outside typical business hours. This increases flexibility and reduces operational limitations for agencies and end users.
Applicants can go to any PresenceID kiosk at their convenience, scan a unique QR code provided by the organization, and immediately begin the supervised Onsite Attended proofing and credentialing session. This Post Office–style process is fully self-service, streamlined, and paperless.
Government Programs: HSPD-12, CAC / PIV / PIV-I
HSPD-12 requires federal employees and contractors to use strong, standardized identity credentials for secure physical and logical access to federal facilities and systems.
FIPS 201 defines the technical requirements for PIV and PIV-I credentials under HSPD-12. Versions 201-3 and 201-4 specify how identity proofing, credential issuance, and cryptographic authentication must be performed to ensure high-assurance identity verification.
NIST SP 800-63-3 (and its update 63-4) provides guidance on digital identity lifecycle and assurance levels, including IAL3 (identity proofing), AAL3 (authentication), and FAL3 (federation/credential usage). It defines how identity evidence, biometrics, and authentication methods should be validated to prevent fraud and ensure trust in federal and commercial systems.
FIPS 201 sets the credential and hardware requirements for PIV and PIV-I cards. NIST SP 800-63-3/4 defines identity proofing, authentication, and credential use policies. Together, they ensure users are properly verified, authenticated, and trusted to access government systems and facilities.
- CAC (Common Access Card): Issued to Department of Defense personnel for secure system and facility access.
- PIV (Personal Identity Verification) Card: Issued to federal employees under HSPD-12 for secure access.
- PIV-I (PIV-Interoperable) Card: Issued by non-federal organizations for trusted individuals needing access to federal systems.
NextgenID provides IAL3-compliant identity proofing for CAC, PIV, and PIV-I programs. While we do not issue credentials ourselves, we enable secure enrollment, biometric capture and validation, and support credential management workflows such as PIN resets, certificate updates, and account recovery.
Yes. CAC, PIV, and PIV-I credentials support strong authentication (AAL3) for federal systems, enabling secure access to both physical facilities and IT networks.
FedRAMP Digital Identity Level 3
Digital Identity Level 3 includes IAL3 (identity proofing), AAL3 (authentication), and FAL3 (federation/credential usage), ensuring users are fully verified, strongly authenticated, and trusted across systems.
Yes. FedRAMP High expects organizations to meet Digital Identity Level 3 standards: verified at IAL3, authenticated at AAL3, and using credentials according to FAL3 requirements.
PresenceID provides IAL3-compliant identity proofing, issues high-assurance credentials for AAL3 authentication, and ensures credential usage meets FAL3 standards.
PresenceID supports PIV-I, smart cards, FIDO tokens, and other high-assurance credentials.
Any user accessing FedRAMP High systems typically needs Digital Identity Level 3 credentials to ensure secure and trusted access.
By combining IAL3 identity proofing, AAL3 strong authentication, and FAL3 trusted credential use, Digital Identity Level 3 minimizes risk and prevents unauthorized access.
Yes. PresenceID maintains full logs of identity proofing, credential issuance, and authentication events, supporting FedRAMP High and agency audits.
Yes. Credentials issued via PresenceID can be maintained, updated, or revoked securely, ensuring compliance with ongoing FedRAMP High requirements.
Commercial / Enterprise Identity Proofing
NextgenID enables businesses to verify the identities of employees, contractors, and other remote personnel quickly and securely. Using IAL3-certified identity proofing, organizations can confirm identities without requiring in-person visits, even across a large, dispersed workforce.
Onboarding new hires, verifying contractor identities, granting access to sensitive systems, and issuing corporate credentials or tokens can all be done remotely and securely.
Using multiple identity documents, biometrics, supervised sessions, PAD, and secure audit trails, NextgenID ensures the person being onboarded is genuine and matches the claimed identity.
Yes. PresenceID can connect with HRIS, identity, and access management systems to automate proofing workflows, credential issuance, and access management.
Reduced onboarding friction, faster access provisioning, stronger assurance for remote and hybrid employees, and compliance with internal and regulatory requirements for identity verification.
Privacy & Data Protection
For IAL3 identity proofing, NextgenID does not retain personally identifiable information (PII). Only transaction metadata, like session timestamps, device ID, and proofing results, is stored for operational and audit purposes.
When full credential issuance occurs, identity data and credentials are stored securely, using strong encryption and access controls. Users' information is protected throughout the credential lifecycle, including PIN resets, certificate updates, and account recovery.
Fraud Prevention & High-Assurance Proofing (IAL3)
IAL3 uses multiple safeguards:
- Biometric verification ensures the person at proofing matches the identity evidence.
- Presentation Attack Detection (PAD) prevents spoofing via photos, masks, or deepfakes.
- Document validation uses automated and human review to detect forged, altered, or fraudulent documents.
- Supervised Sessions (colocated or remote via a kiosk) give trained proofing agents oversight to detect coercion, manipulation, or suspicious behavior.
- Audit trails and session metadata provide evidence for compliance and forensic investigation if fraud is suspected.
It layers hardware PAD, unpredictable agent prompts, multimodal biometrics, and human review, which together defeat replay, deepfake and morph attacks more effectively than selfie flows.
Pricing & Licensing
NextgenID offers two main purchasing models to fit different operational and financial needs:
- CapEx Model (Capital Expenditure):
  - Customers purchase all kiosk hardware and software licenses upfront.
  - Customers supply and manage their own trained agents.
  - Ideal for organizations that prefer full ownership and control of equipment and staffing.
- Frictionless Model (Pay-Per-Transaction):
  - Customers pay per completed proofing/credentialing session.
  - They can use their own agents or NextgenID remote agents.
  - This model is typically implemented via the PresenceID Network. In some cases, if a customer meets NextgenID’s criteria, a kiosk could potentially be placed on site, but typically the network kiosks are used.
Key Terms Glossary
- IAL3: Highest level of identity proofing, including multiple documents, biometrics, and core attribute verification.
- SRIP: Now known as Onsite Attended – Kiosk Based, SRIP enables remote IAL3 proofing with a trained, remote agent supervising in real time.
- AAL3: Strong authentication level requiring hardware-backed or phishing-resistant authenticators.
- FAL3: Trusted usage of credentials across federated systems.
- FIPS 201: Federal standards defining technical requirements for PIV and PIV-I credentials.
- HSPD-12: Homeland Security Presidential Directive 12; mandates strong, standardized credentials for federal personnel.
- PIV / PIV-I: Personal Identity Verification and PIV-Interoperable credentials for federal and trusted non-federal personnel.
- FedRAMP High: A cloud security standard for federal systems requiring Digital Identity Level 3 compliance.
- PAD (Presentation Attack Detection): Technology to ensure biometrics are from a real, live person and not a spoof.