Reps. Yvette Clarke, D-N.Y., and Ritchie Torres, D-N.Y., are seeking more information on efforts by the Cybersecurity and Infrastructure Security Agency (CISA) efforts to reduce security risks to Federal networks through the use of multi-factor authentication (MFA).
“As we work to strengthen the security of Federal networks, one of the most critical tools to implement is multi-factor authentication,” the representatives wrote in a Jan. 11 letter to CISA. “It is essential that agencies adopt multi-factor authentication that reduces the risk of phishing attacks and provides the greatest level of security.”
The letter, sent to CISA Director Jen Easterly, highlights how MFA implementation is a requirement to implement across Federal agencies through the Federal Cybersecurity Enhancement Act of 2015, and also through President Biden’s Cybersecurity Executive Order 14208. The representatives said that not all agencies have complied with these requirements.
“As previous efforts to implement multi-factor authentication across the executive branch have clearly not achieved their intended goals, it is important that we work together to ensure that this mandate is implemented effectively in a timely fashion,” Reps. Clarke and Torres added.
Rep. Clarke, Chairwoman of the House Cybersecurity, Infrastructure Protection, and Innovation Subcommittee, and Rep. Torres, Vice Chair of the House Homeland Security Committee, said that implementing MFA can reduce the risk of phishing attacks and ensure a higher level of network security.
“Accordingly, we were glad to see that as part of the Office of Management and Budget’s draft zero trust strategy released in September, Federal agencies would be required to adopt phishing-resistant multi-factor authentication for agency staff, contractors, and partners,” the House members said.
The two representatives are requesting a response to the letter from CISA no later than Feb. 4, 2022.