January 27, 2022

Media Alert: The FIDO Alliance Endorses The Office of Management and Budget’s Finalized Zero Trust Strategy

FIDO Authentication highlighted for updated phishing-resistant authentication requirements 

The FIDO Alliance endorses The U.S. Office of Management and Budget’s finalized Federal Zero Trust Strategy, supporting their efforts to implement stronger cybersecurity methods across government agencies. The Federal Zero Trust Strategy now requires agencies to use phishing-resistant multi-factor authentication (MFA) to access agency-hosted accounts, highlighting FIDO Authentication as a quality option to ensure user security. Notably, the OMB also recommends this approach in environments where the use of Personal Identity Verification (PIV) isn’t feasible. 

“The Federal Zero Trust Strategy provides a robust roadmap for agencies to follow to ensure best practices in creating a zero trust environment. The FIDO Alliance commends the Office of Management and Budget for requiring phishing-resistant authentication to protect agencies as phishing attacks become significantly more sophisticated – including the increasingly common ability to bypass legacy MFA approaches such as OTPs,” said Andrew Shikiar, executive director of the FIDO Alliance. “Authentication is a critical component of any zero trust architecture. As cited by OMB, FIDO Security Keys and authenticators present a practical alternative to PIV and can provide agencies with a rapidly deployable solution to harden their defenses against hackers armed with increasingly sophisticated and persistent threat campaigns.”

WHO: The FIDO Alliance

WHAT: The OMB’s Federal Zero Trust Strategy, which aims to accelerate the migration of U.S. Government agencies towards zero trust cybersecurity principles, mandates the use of phishing-resistant authentication, such as FIDO Authentication. This serves as yet another example of the government recognizing the importance of not only MFA, but phishing-resistant MFA to secure accounts.

As the OMB initiates this paradigm shift in how Federal agencies approach cybersecurity, the broader adoption of FIDO Authentication will provide simpler and more secure authentication for agencies, especially as enterprise users continue to be the most valuable targets for phishing.

WHEN: The OMB released its final Federal Zero Trust Strategy on January 26, 2022. As detailed in the strategy, agencies are required to achieve the zero trust security goals outlined in the strategy by the end of 2024.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

PR Contact
[email protected]

MORE Announcements


World Password Day Had a Good Run. Now We’re Celebrating A Future with Less Passwords

Andrew Shikiar, executive director and CMO, FIDO Alliance World Password...

May 5, 2022

FIDO Alliance Empowers New Wave of Authentication Experts with FIDO Certified Professional Testing Program

Experts in FIDO Authentication can now enroll to be certified,...

April 12, 2022

FIDO Alliance Announces Commerce Virtual Summit Amid Rising Online Payment Fraud and Authentication Challenges

Players from across banking, retail, crypto and blockchain can gain...

March 9, 2022
Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.