NIST 800-53 Regulatory Compliance
The Electronic Authentication Guideline from the National Institute of Standards and Technology (NIST) provides information security recommendations for federal defense agencies and defense contractors. The Guideline defines four levels of authentication that have increasing levels of security:
Levels 3 and 4 require two-factor authentication. Typically this means that for Level 3 or 4 a password or biometric is used to activate a key. Alternatively, a password protocol may be used in conjunction with a soft token, hard token, or one-time password token to achieve two-factor authentication.
Given the strategic importance of the defense industry and the increasing threat of cyber-attacks from hackers, activist organizations, and foreign governments, the Department of Defense (DoD) has required first-tier subcontractors and their supply chains to meet the National Institute of Standards and Technology’s Computer Security Division security standards (NIST 800-53). The DoD estimates that 100% of all large defense contractors and 76% of all small business defense contractors will be required to implement Two-Factor Authentication (2FA) under the newly issued guidance.
Deploying two-factor authentication with SurePassID is the fastest path to compliance with NIST 800-53. SurePassID’s One-Click installer is compatible with the most challenging legacy IT infrastructures. SurePassID is also compatible with almost any authentication method and token, including:
- Mobile OTP (smart phones, tablets) – installed on user’s device
- Desktop OTP (desktops, laptops) – installed on user’s device
Very Low Cost:
- SMS OTP and IVR – text or call to user’s phone
- PassFaces – installed on user’s device
- Matrix Cards – Challenge-response ISO 7810-compliant printed cards; issued to users
- OneCard – World’s first all-in-one converged security credential; issued to users
- OTP Display Cards – ISO 7816-compliant smart cards with display, keypad, and mag stripe; issued to users
- OTP Keyfobs & Mini-Keyfobs – Hardware tokens; issued to users
- Third Party OTP Tokens – OATH-compliant and proprietary RSA tokens; issued to users