CISA Expert Urges Agencies to Proactively Implement Multi-Factor Authentication
The Cybersecurity and Infrastructure Security Agency wants federal organizations to be more proactive in enforcing multi-factor authentication, an expert from the agency said.
Ross Foard, an information technology specialist with CISA’s Continuous Diagnostics and Mitigation program, said that the government is ahead of most industries in the requirement of multi-factor authentication, Nextgov reported.
He said that such requirements are in place because government employees can become targets of phishing.
In early 2020, the FBI reported a rise in the number of business email compromise-type phishing scams targeted at state, local, tribal and territorial government bodies.
The bureau said that criminals can more easily tailor their phishing attacks to agencies because of the amount of publicly available information on leadership, vendor relationships and government contractors.
During a panel at the Advanced Technology Academic Research Center, Foard said that agencies should implement multi-factor authentication as part of their zero trust strategy, a key element of President Joe Biden’s May 2021 federal cybersecurity executive order.
“The leading and central tenet of zero trust architecture really is identity and access management,” Foard added.
Biden’s executive order also explicitly directs CISA to maximize federal agencies’ adoption of technologies and processes for implementing multi-factor authentication and encryption.
At the ATARC panel, a National Institutes of Health official highlighted the importance of identity and access management controls for protecting sensitive health information.
Samuel Michael, the chief of NIH’s Information Technology Resources Branch, added that privacy is a major consideration for the institute’s adoption of zero trust.
Tags: CISA cybersecurity Executive Order multi-factor authentication Nextgov phishing Ross Foard Samuel Michael zero trust