Skip To Main



January 11, 2022 



c: 202.480.5737

Washington, D.C. — Rep. Yvette D. Clarke (NY-09), Subcommittee Chairwoman of the Cybersecurity, Infrastructure Protection and Innovation Committee and Rep. Ritchie Torres (NY-15), Vice Chair of the House Homeland Security Committee, sent a letter to Director Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), requesting more information on efforts to reduce security risks to federal networks through the adoption of multi-factor authentication requirements. Following the requirement by Congress to implement these security measures across federal agencies through the Federal Cybersecurity Enhancement Act of 2015, and the Biden Administration’s Executive Order 14028, it has become apparent that not all agencies have complied.

“As we work to strengthen the security of Federal networks, one of the most critical tools to implement is multi-factor authentication,” wrote the members in the letter. “It is essential that agencies adopt multi-factor authentication that reduces the risk of phishing attacks and provides the greatest level of security. Accordingly, we were glad to see that as part of the Office of Management and Budget’s draft zero trust strategy released in September, Federal agencies would be required to adopt phishing-resistant multi-factor authentication for agency staff, contractors, and partners.”

President Biden’s mandate that federal agencies adopt multi-factor authentication as part of Executive Order 14028, Improving the Nation’s Cybersecurity, was a critical step in securing federal networks. Implementation of multi-factor authentication reduces the risk of phishing attacks and ensures an overall high level of security. Federal agencies were last asked to implement these measures in 2014 and Congress seeks to better understand the reasons for failure to meet the November 2021 implementation deadline. 

“As previous efforts to implement multi-factor authentication across the executive branch have clearly not achieved their intended goals, it is important that we work together to ensure that this mandate is implemented effectively in a timely fashion,” continued Reps. Clarke and Torres. 

Congress seeks to determine the best ways to partner with federal agencies to ensure proper and swift implementation of multi-factor authentication. Members are requesting a response from the agency no later than February 4, 2022 in order to ensure swift implementation.

Clarke Torres CISA MFA Letter.


Yvette D. Clarke has been in Congress since 2007. She represents New York’s Ninth Congressional District, which includes Central and South Brooklyn. Clarke is Chair of the Congressional Black Caucus Taskforce on Immigration, a Senior Member of the House Energy and Commerce Committee, and the Chair of the Cybersecurity, Infrastructure Protection and Innovation Subcommittee of the House Committee on Homeland Security

Issues: ,