FIDO Primary and how to get there in USG

Session Details

Executive Order 1408 and OMB Memorandum- 22-09 mandates that all authentication for USG requires phishing resistant, Multifactor Authentication (MFA). The requirements apply to all staff and business partners where PIV may not be eligible or accessible.

The current challenge in the USG is the In-Person identity proofing, binding and credentialing that has become extremely hard to do in USG where the lack of Identity Proofing and Credentialing infrastructure is not available. To keep our strong authentication in place we have the FIDO2 credential with cryptographic protocols, we now need to develop or mature the identity proofing, binding and credential lifecycle management for FIDO2 to close the MFA phishing resistant constraint of not having a PIV.