Reps. Torres and Clarke Push for Adoption of Multi-Factor Authentication to Reduce Federal Security Risks

Washington, DC – Rep. Ritchie Torres (NY-15), Vice Chair of the House Homeland Security Committee, and Rep. Yvette D. Clarke (NY-09), Subcommittee Chairwoman of the Cybersecurity, Infrastructure Protection and Innovation Committee, sent a letter to Director Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), requesting more information on efforts to reduce security risks to federal networks through the adoption of multifactor authentication requirements. Following the requirement by Congress to implement these security measures across federal agencies through the Federal Cybersecurity Enhancement Act of 2015, and the Biden Administration’s Executive Order 14028, it has become apparent that not all agencies have complied.

“As we work to strengthen the security of Federal networks, one of the most critical tools to implement is multifactor authentication,” wrote the members in the letter.“It is essential that agencies adopt multifactor authentication that reduces the risk of phishing attacks and provides the greatest level of security. Accordingly, we were glad to see that as part of the Office of Management and Budget’s draft zero trust strategy released in September, Federal agencies would be required to adopt phishing-resistant multifactor authentication for agency staff, contractors, and partners.”

President Biden’s mandate that federal agencies adopt multi-factor authentication as part of Executive Order 14028, Improving the Nation’s Cybersecurity, was a critical step in securing federal networks. Implementation of multifactor authentication reduces the risk of phishing attacks and ensures an overall high level of security. Federal agencies were last asked to implement these measures in 2014 and Congress seeks to better understand the reasons for failure to meet the November 2021 implementation deadline. 

“As previous efforts to implement multifactor authentication across the executive branch have clearly not achieved their intended goals, it is important that we work together to ensure that this mandate is implemented effectively in a timely fashion,” continued Reps. Torres and Clarke. 

Congress seeks to determine the best ways to partner with federal agencies to ensure proper and swift implementation of multifactor authentication. Members are requesting a response from the agency no later than February 4, 2022 in order to ensure swift implementation.