NIST-Compliant IAM
End-to-end IAM aligned to NIST SP 800-63 — identity proofing (IAL), authentication (AAL), and federation (FAL) with risk-based access controls.
NIST SP 800-63 · FIDO2 · eIDAS
NIST SP 800-63 identity, FIDO2 passwordless authentication, and eIDAS e-signatures for regulated healthcare, fintech, and public-sector systems — engineered cloud-native on AWS.
About
Proximasus designs, builds, and operates NIST-compliant Identity and Access Management — from identity proofing and passwordless authentication to cryptographic signatures and cloud security — for organizations where assurance is a regulatory requirement, not an afterthought. Backed by 10+ years of hands-on experience across healthcare, financial services, and the public sector.
Services
End-to-end IAM aligned to NIST SP 800-63 — identity proofing (IAL), authentication (AAL), and federation (FAL) with risk-based access controls.
Phishing-resistant, AAL3-capable authentication with FIDO2 security keys, passkeys (WebAuthn), and platform authenticators — Touch ID, Face ID, Windows Hello.
Advanced and Qualified Electronic Signatures (AdES/QES) under eIDAS, plus PKI and certificate lifecycle management for legally binding documents.
Cloud-native security on AWS — Cognito, API Gateway, WAF, and Secrets Manager — with OAuth 2.0 and JWT validation for scalable, protected APIs.
Web, mobile, and desktop applications with authentication built in — OAuth 2.0 / OpenID Connect, passkeys, native biometrics, and secure token storage.
Assurance-level determination and compliance mapping to NIST and sector regulations, with risk-based authentication strategies for high-assurance environments.
Live demo
Register a passkey with your device — Touch ID, Windows Hello, or a FIDO2 security key — then sign in. This runs a genuine WebAuthn (FIDO2) ceremony in your browser and verifies the returned signature on-device with the Web Crypto API.
Checking browser support…
Your passkey is stored on your device. “Forget passkey” only clears this site’s copy — to remove the passkey itself, delete it in Windows Hello or your password manager.
Experience
NIST-compliant IAM for UK healthcare — IAL2+/AAL2+ assurance and qualified e-signatures for patient-consent workflows, deployed on AWS.
Passwordless authentication and federation in production systems handling 100K+ daily authentications, with multi-factor authentication across AAL levels.
From FIDO2 authenticators and cryptographic signing to cloud-native API security — across sectors where NIST conformance is both a business and regulatory requirement.
Methodology
Assess your systems, security requirements, and regulatory obligations; determine the target assurance levels.
Design an IAM architecture that conforms to the required NIST assurance levels.
Build with modern, security-first tooling — AWS, Infrastructure as Code, CI/CD, and automated compliance checks.
Integrate, configure, and security-test the solution across your environments.
Ongoing support, monitoring, and updates that keep the solution compliant over time.
Contact
Get in touch to talk through your identity, authentication, or compliance needs.