Comment Now! Multi-Factor Authentication for Criminal Justice Information Systems
The NIST National Cybersecurity Center of Excellence (NCCoE) has released an Initial Public Draft of NIST Internal Report (NIST IR) 8523, Multi-Factor Authentication for Criminal Justice Information Systems for public comment. The comment period is open until 11:59 PM ET on Monday, April 14, 2025.
Criminal and non-criminal justice agencies in the U.S. require the use of multi-factor authentication (MFA) to protect access to criminal justice information (CJI). MFA is important for protecting against credential compromises and other cyber risks such as attacks by cybercriminals or other adversaries that threaten CJI.
CJI is commonly accessed using computer-aided dispatch (CAD) and record management system (RMS) software, which communicate with a state-level message switch application. MFA architectures will likely need to integrate with one or both technologies. As agencies around the country begin to implement MFA solutions, the approaches they use require careful consideration and planning. This document provides a general overview of MFA, outlines design principles and architecture considerations for implementing MFA to protect CJI, and offers specific examples of use cases that agencies face today. It also outlines how CAD/RMS and message switch technologies can support standards and best practices that provide agencies with maximum optionality to implement MFA in a way that promotes security, interoperability, usability, and cost savings.
You can submit comments to psfr-nccoe@nist.gov.
NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: psfr-nccoe@nist.gov
NCCoE Website questions: nccoe@nist.gov
|
