RSA will add support for the Open Authentication (OATH) open standard, the security-first identity company announced at the Billington CyberSecurity Summit today. RSA’s support for open standards and the company’s own solutions can help government agencies fulfill key cybersecurity mandates—including directives for the implementation of zero trust network architecture, the adoption of multi-factor authentication (MFA), and the use of cloud technology, enterprise-managed identities, and phishing-resistant capabilities—outlined in EO 14028, NSM-8, and M-22-09, among others.
RSA will leverage decades of security-first pedigree and innovative solutions to fortify customers’ use of open standards. RSA back-end infrastructure provides out-of-the-box, end-to-end security solutions that can support a range of authenticators and defend against emerging cybersecurity threats: for instance, the September 2023 RSA Mobile authenticator update will introduce code-matching capabilities to defend against prompt bombing and MFA fatigue attacks. This capability aligns with upcoming NIST SP 800-63B-4, NIST SP 800-63 Revision 4, as well as the Cybersecurity & Infrastructure Security Agency’s (CISA’s) October 2022 guidance.
RSA Risk AI uses behavioral analytics and machine learning to dynamically assess security transactions in real time and automate responses. RSA Mobile Lock helps establish trust in unmanaged BYOD devices by scanning for critical vulnerabilities. And RSA Federal can further augment these identity security solutions with extended threat detection and response capabilities.
Support for OATH advances previous RSA commitments to open standards that create more secure ecosystems and provide customers with greater choice. RSA has served on the FIDO Alliance’s board since 2014 and is currently part of its Enterprise Deployment Working Group and the FIDO2 Technical Working Group. The RSA DS100 Authenticator combines both OTP and FIDO protocols in a single form factor. In 2022, RSA received Federal Risk and Authorization Management Program (FedRAMP) JAB authorization for RSA ID Plus for Government, which helps government agencies operate securely in the cloud. RSA is the only vendor that provides both a DOD-approved authenticator and verifier. OpenID Connect (OIDC) certified the ID Plus OIDC connection.
“Recent governmental cybersecurity mandates are positive, foundational catalysts for ensuring the resilience of critical infrastructure and assuring national security interests,” said RSA CEO Rohit Ghai. “In order to stay ahead of adversaries, government agencies and their affiliates will need to focus not just on compliance but innovating in partnership with vendors that build security-first best practices into how they engineer, supply, and support their solutions.”