Security & Industry Regulatory Compliance

Streamline product development timelines, improve customer experience, and save money by leveraging ID.me’s cybersecurity and regulatory compliance trust marks.

IDme Authenticated User Profile

NIST 800-63-3 Identity Proofing

Rapidly deploy NIST SP 800-63-3 Identity Assurance Level (IAL) 2 identity proofing for Unsupervised Remote, Supervised Remote, and In-Person Verification. ID.me was the first identity proofing vendor certified against NIST 800-63-3 IAL2 by the Kantara Initiative. We furthered our market leadership by pioneering new pathways to provide remote identity proofing for communities who don’t have credit history or a presence in databases that meet Gramm-Leach-Bliley requirement while meeting the trust threshold established by NIST at IAL2.

Vertical menu with unsupervised remote, supervised remote, and in-person verification options
IDme sign in multi-factor authentication text

Multi-Factor Authentication

Enable a full suite of NIST SP 800-63-3 Authenticator Assurance Level 2 authenticators to secure high-risk transactions and reduce the risk of account takeover. Multi-Factor Authentication options include FIDO Web Authn and FIDO tokens, like Yubikeys. The Cybersecurity and Infrastructure Agency (CISA) called FIDO “the gold standard” for login security. Get started with ID.me to deploy phishing resistant MFA to protect your users.

Rigorous Cybersecurity Compliance

From FedRAMP to ISO 27001 to SOC 2 Type II, ID.me’s authentication capabilities support your compliance with rigorous security regimes from day one.

Electronic prescription for controlled substances sticker with green check icon and pharmacist using tablet

DEA Electronic Prescriptions for Controlled Substances (EPCS)

Empower providers to prescribe faster while complying with the DEA rule for EPCS through ID.me’s NIST SP 800-63-3 Identity Assurance Level 2 and Authenticator Assurance Level 2 Credential Service Provider. ID.me applies additional Multi-Factor Authentication controls to comply with the DEA’s specific requirements for EPCS.

Healthcare Individual Access Services

The 21st Century Cures Act paved the way for a new type of healthcare interoperability built around patient direct access rights to health data. Qualified Health Information Networks (QHINs) will need IAL2 identity proofing to verify the user is who they are claiming to be prior to releasing healthcare data. Comply with requirements for Individual Access Services tied to the Trusted Exchange Framework & Common Agreement (TEFCA) with ID.me’s IAL2 CSP.

Grid of user profile photos behind blue eye security icon
Outline of California with two user profile photos and CPPA compliant sticker

California Consumer Privacy Act (CCPA) Compliance

Leverage ID.me’s CCPA-compliant identity proofing to review CCPA requests directly or use one of ID.me’s Trusted Partner Network privacy solutions for additional automation. ID.me’s identity proofing meets rigorous federal requirements for authentication and is also utilized by multiple California state government agencies for identity proofing and authentication.

Know Your Customer (KYC) Compliance

Comply with Know Your Customer requirements for customer onboarding and when processing high-risk transactions. ID.me’s ability to provide step up identity proofing and records validation allows you to tailor the appropriate level of validation and authentication to your transactions.

Woman working on two desktop monitors with green check icon and blue money icon

Learn More

ID.me Enables Identity for Multiple Industries, Including These