The FIDO Alliance has called on theÂ National Institute of Standards and Technology to addÂ aÂ sub-category on authentication when theÂ agency updates its Cybersecurity Framework.
Brett McDowell, executive director of FIDO Alliance, wrote in an article published Monday the group wants NIST to clarify language and explicitly require multi-factor authentication in the next framework update.
Explicit recommendation of MFA “is necessary to help government and industry address growing risks caused by weak authentication,” McDowell added.
NIST said it did not include authentication in theÂ first version of the framework, published in February 2014, due toÂ challenges such as lack of standards andÂ usability issues.
The challenges associated with MFAÂ have been addressedÂ through public-private, multi-stakeholder collaboration with NIST and other standards bodies and policy makers, according to McDowell.
He added the FIDO Alliance created a framework of open industry standards for stronger authentication in an effort to change the authentication landscape and addressÂ gaps observed by authors of the Cybersecurity Framework.
The alliance’s full comments on NIST’s proposed updates isÂ available on itsÂ website.