Top Threats

Back to discussions
Expand all | Collapse all

Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA's Fast IDentity Online (FIDO) Implementation

  • 1.  Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA's Fast IDentity Online (FIDO) Implementation

    Posted Nov 20, 2024 08:27:00 AM
      |   view attached

    Hi All,

    Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released https://cisa.gov/resources-tools/resources/phishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido. Click or tap to follow the link." data-auth="Verified" rel="noopener noreferrer" target="_blank" href="https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcisa.gov%2Fresources-tools%2Fresources%2Fphishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido&data=05%7C02%7C%7C1aec837861c14b33660c08dd097e572e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638677160426119317%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=gFLtQIqhpsn%2Fv7CdkZuDrOf4lo1f0Ue3gHGS7lXA7Mc%3D&reserved=0" data-linkindex="1" style="color: #000000">Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA's FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. 

    USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA's adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. 

    This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report. 

    For more information about phishing-resistant MFA, visit https://www.cisa.gov/news-events/news/phishing-resistant-mfa-key-peace-mind and https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, EMBA, CSA
    ------------------------------