In September 2025, NIST published IR 8523, providing guidance for implementing Multi-Factor Authentication (MFA) in Criminal Justice Information Systems (CJIS).
The report highlights a key cybersecurity reality:
Most breaches today begin with stolen credentials.
Because law enforcement systems contain sensitive Criminal Justice Information (CJI), the FBI CJIS Security Policy now requires MFA when accessing these systems.
The NIST report also emphasizes the importance of phishing-resistant authentication, which prevents attackers from stealing login credentials through fake websites or phishing emails.
One widely adopted approach is FIDO-based hardware security keys, which authenticate users using cryptographic keys instead of passwords or one-time codes.
Idem Key supports FIDO2 phishing-resistant authentication and can be deployed as part of an MFA solution aligned with NIST SP 800-63B AAL2 and CJIS MFA requirements.
As cyber threats evolve, strong identity protection is becoming essential for protecting critical public safety systems.
Cybersecurity #FIDO2 #PhishingResistant #MFA #CJIS #IdentitySecurity
