There is a strong need for attestation of identity and organizational attachment with multi-factor authentication (MFA) credentials used by the U.S. Federal Executive Branch. These attestations include the organizational affiliation of the MFA token, as well as the trust or assurance level of the credential during authentication. They allow an organization to trust that only approved hardware tokens from that organization’s supply chain have been registered as MFA credentials for its users, and that these credentials can only be used to access approved data and resources.
When these attestations are not present, there is a potential vulnerability: a valid MFA credential could be issued through, or to, an unauthorized token for an end-user account, and that credential could be leveraged to circumvent the protections that MFA enforcement is intended to provide.
Read the Ping Identity Solutions Brief to learn how to enable federated authentication to cloud, on-premises, legacy, and air-gapped applications without the need for code customizations for deployment.