"New Identity and Access Management Guidance Released by CISA and NSA for Vendors"

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released new guidance on Identity and Access Management (IAM) challenges faced by vendors and developers. The document highlights the need for clarity in definitions and policies related to multifactor authentication (MFA) and Single Sign-On (SSO), as well as the lack of understanding and integration deficits in leveraging open standard-based SSO with legacy applications. The report also addresses the issue of SSO capabilities being bundled with high-end enterprise features, making them inaccessible to smaller organizations. Additionally, the guidance emphasizes the importance of MFA governance integrity over time and recommends the creation of standard MFA terminology and phishing-resistant authenticators to enhance security.