The FIDO Alliance has called on the National Institute of Standards and Technology to add a sub-category on authentication when the agency updates its Cybersecurity Framework.
Brett McDowell, executive director of FIDO Alliance, wrote in an article published Monday the group wants NIST to clarify language and explicitly require multi-factor authentication in the next framework update.
Explicit recommendation of MFA “is necessary to help government and industry address growing risks caused by weak authentication,” McDowell added.
NIST said it did not include authentication in the first version of the framework, published in February 2014, due to challenges such as lack of standards and usability issues.
The challenges associated with MFA have been addressed through public-private, multi-stakeholder collaboration with NIST and other standards bodies and policy makers, according to McDowell.
He added the FIDO Alliance created a framework of open industry standards for stronger authentication in an effort to change the authentication landscape and address gaps observed by authors of the Cybersecurity Framework.
The alliance’s full comments on NIST’s proposed updates is available on its website.