Washington, D.C. — Rep. Yvette D. Clarke (NY-09), Subcommittee Chairwoman of the Cybersecurity, Infrastructure Protection and Innovation Committee and Rep. Ritchie Torres (NY-15), Vice-Chair of the House Homeland Security Committee, sent a letter to Director Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), requesting more information on efforts to reduce security risks to national networks through the adoption of multi-factor authentication requirements. Following the requirement by Congress to implement these security measures across federal agencies through the Federal Cybersecurity Enhancement Act of 2015 and the Biden Administration’s Executive Order 14028, it has become apparent that not all agencies have complied.
“As we work to strengthen the security of Federal networks, one of the most critical tools to implement is multi-factor authentication,” wrote the members in the letter. “It is essential that agencies adopt multi-factor authentication that reduces the risk of phishing attacks and provides the greatest level of security. Accordingly, we were glad to see that as part of the Office of Management and Budget’s draft zero trust strategy released in September, Federal agencies would be required to adopt phishing-resistant multi-factor authentication for agency staff, contractors, and partners.”
President Biden’s mandate that federal agencies adopt multi-factor authentication as part of Executive Order 14028, Improving the Nation’s Cybersecurity, was a critical step in securing national networks. Implementation of multi-factor authentication reduces the risk of phishing attacks and ensures an overall high level of security. Federal agencies were last asked to implement these measures in 2014, and Congress seeks to understand better the reasons for failure to meet the November 2021 implementation deadline.
“As previous efforts to implement multi-factor authentication across the executive branch have not achieved their intended goals, we must work together to ensure that this mandate is implemented effectively in a timely fashion,” continued Reps. Clarke and Torres.
Congress seeks to determine the best ways to partner with federal agencies to ensure proper and swift implementation of multi-factor authentication. Members request a response from the agency no later than February 4, 2022, to ensure speedy performance.