Impact of OMB M-22-09, OMB M-24-14, and Executive Order 14028translated

In response to the escalating cyber threat landscape, where 73% of public-sector breaches involved phishing, federal mandates such as OMB M-22-09, OMB M-24-14, and Executive Order 14028 have set forth stringent requirements for federal agencies to implement Zero Trust Architecture (ZTA) and phishing-resistant multi-factor authentication (MFA) by the end of FY2024. These mandates underscore the critical need for stronger, more resilient security measures.translated

Importance of phishing-resistant MFA in OMB M-22-09translated

The OMB M-22-09 memorandum underscores the necessity for federal agencies to implement phishing-resistant MFA as part of their cybersecurity strategy. This directive was established due to the increasing sophistication of cyberattackers that exploit vulnerabilities in legacy authentication methods, such as mobile-based authenticators, which are prone to phishing, malware, SIM swaps, and man-in-the-middle (MiTM) attacks.

The memo highlights two primary approaches to phishing-resistant MFA that can effectively defend against these threats:

  • FIDO2: Supported by nearly all modern consumer devices and popular cloud services, WebAuthn is a key specification within the FIDO2 standard, enabling phishing-resistant MFA through FIDO2 security keys.
  • Personal Identity Verification (PIV): A standard widely used by the federal government for secure access to on-premises environments, PIV ensures a high level of protection through smart card technology.

translated

Achieving phishing-resistant MFA compliance with RSA ID Plustranslated

The RSA ID Plus platform offers a unified, scalable, phishing-resistant MFA solution that seamlessly integrates with cloud infrastructures, ensuring continuous protection across all environments while supporting Zero Trust principles.

  • RSA Authenticator App: FIDO2-certified, this app delivers strong, phishing-resistant MFA across all platforms and devices, ensuring secure, passwordless access.
  • RSA iShield Key 2 series authenticators: The RSA iShield Key 2 series, powered by Swissbit, features FIDO2, PIV, HOTP support, and a FIPS 140-3 certified smart chip to highly regulated industries, US federal agencies, systems integrators, and government contractors. Combined with RSA ID Plus for Government, the solutions provide both a FedRAMP-authorized access cloud service and AAL3 hardware authenticators that meet Executive Order 14028, OMB M-22-09, and OMB M-24-14.

translated

Why choose RSA ID Plus?translated

Trusted by federal agencies: For the past 40 years, RSA has been trusted by federal agencies to secure critical infrastructure and protect national security. The RSA ID Plus platform is designed to meet the rigorous demands of federal compliance, ensuring your agency stays ahead of evolving threats.

Comprehensive, scalable solutions: Whether your agency is just beginning to implement Zero Trust principles or is transitioning to a hybrid deployment, RSA ID Plus provides a scalable solution that grows with your needs.

Seamless integration with existing infrastructure: RSA ID Plus integrates with your current systems to provide continuous protection and monitoring across all platforms, reducing the complexity of your security environment.translated

Transitioning to the cloud with confidencetranslated

Federal agencies are required to use phishing-resistant MFA, which is less common outside of SaaS/web use cases, while still maintaining secure access to on-premises resources. RSA Hybrid Failover capabilities ensure continuous protection via one-time passcode (OTP), even during cloud service disruptions, providing secure access that allows agencies to transition to hybrid environments with peace of mind. This capability aligns with the federal mandate for resilient and secure operations under Zero Trust principles.translated

Key compliance featurestranslated

Federal compliance

The RSA iShield Key 2 series is based on a FIPS 140-3 level 3 certified cryptographic module (certificate 4679) and meets the highest cryptographic standards required by federal mandates, ensuring secure authentication and compliance with NIST 2.0 guidelines.

FIDO-certified for phishing resistance

Both the RSA Authenticator App and the RSA iShield Key 2 series are FIDO2-certified, providing robust phishing-resistant MFA. This certification ensures that both solutions meet the highest standards for secure authentication, enabling protection against phishing attacks and demonstrating compliance with the stringent requirements of OMB M-22-09 and Executive Order 14028.

Zero Trust principles and achieving optimal maturity

RSA ID® Plus provides a complete identity and access management (IAM) security platform. The solution supports continuous verification and access control and enables federal agencies, systems integrators, and government contractors to achieve optimal maturity in their Zero Trust journey.

By providing a unified identity platform that includes a FedRAMP-authorized access cloud service, FIDO-certified software authenticators, and AAL3 hardware authenticators, RSA ensures compliance with Executive Order 14028 and OMB M-22-09. RSA ID Plus allows organizations to securely manage identity across all environments, meeting the highest standards of security and maturing organizations’ Zero Trust capabilities.translated

Access point compatibility and authentication methodstranslated

Access Points

RSA Authenticator App

RSA iShield Key 2 series
(FIDO, PIV, FIPS 140-3 certified)

Windows Login (Windows, macOs)

VPN Access

Secure Proxy Gateways

SaaS (Microsoft Azure, AWS, Google Cloud, Oracle Cloud)

Desktop Login (Windows, macOS)

macOS Login on a Windows Domain

Server Login (Windows, Linux)

Custom Web Server (IIS, Apache)

Custom Integrations (REST API)

Phishing-Resistant MFA (FIDO)

PIV (if org has on-premises CA)

RADIUS


(OTP only)

PIV (if org has on-premises CA)

Time-based OTP

Notificação Móvel

Biometria

Access Points

RSA Authenticator App

Widnows Login (Windows, macOs)

VPN Access

Secure Proxy Gateways

SaaS (Microsoft Azure, AWS, Google Cloud, Oracle Cloud)

Desktop Login (Windows, macOS)

macOS Login on a Windows Domain

Server Login (Windows, Linux)

Custom Web Server (IIS, Apache)

Custom Integrations (REST API)

Phishing-Resistant MFA (FIDO)

RADIUS


(OTP only)

Time-based OTP

Notificação Móvel

Biometria

Access Points

RSA iShield Key 2 series
(FIDO, PIV, FIPS 140-3 certified)

Widnows Login (Windows, macOs)

VPN Access

Secure Proxy Gateways

SaaS (Microsoft Azure, AWS, Google Cloud, Oracle Cloud)

Desktop Login (Windows, macOS)

macOS Login on a Windows Domain

Server Login (Windows, Linux)

Custom Web Server (IIS, Apache)

Custom Integrations (REST API)

Phishing-Resistant MFA (FIDO)

PIV (if org has on-premises CA)

RADIUS

PIV (if org has on-premises CA)

Time-based OTP

Notificação Móvel

Biometria

Meet presidential mandates with confidence with RSA

Contact RSA to learn how our comprehensive MFA solutions can help your agency meet the requirements of OMB M-22-09, OMB M- 24-14, and Executive Order 14028, ensuring secure and compliant access across all federal systems.translated