H-ISAC Finished Report CISA TLP White: Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

On October 31, 2022, the Cybersecurity Infrastructure Security Agency (CISA) released two fact sheets highlighting threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number matching to mitigate MFA fatigue. Although number matching is not as strong as phishing-resistant MFA, it is one of the best interim mitigation for organizations that may not immediately be able to implement phishing-resistant MFA.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Testimony
AHA House Statement on “Fiscal Year 2025 Department of Health and Human Services Budget”
Public
Testimony
AHA Testimony for Energy and Commerce Subcommittee Hearing on Cybersecurity
Infographics
H-ISAC TLP GREEN: Daily Cyber Headlines - April 8, 2024
Member
Other Resources
RWJ Barnabas Improves IoT Security Without Care Disruption
Advancing Health Podcast
Part Two: Cyberthreats and Assessing Third-Party Risk with Providence
Public
Advancing Health Podcast
Part One: Cyberthreats and Assessing Third-Party Risk with Providence
Public