Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updates 2025

Multi-Factor Authentication for Criminal Justice Information Systems: NIST IR 8523
September 04, 2025

NIST has published final guidelines for implementing Multi-Factor Authentication (MFA) for Criminal Justice Information Systems (CJIS), in NIST Internal Report (IR) 8523.

The CJIS Security Policy versions 5.9.2 and later require the use of multi-factor authentication to protect access to criminal justice information (CJI). MFA is important for protecting against credential compromises and other cyber risks that may threaten CJI. As agencies around the country begin to implement MFA solutions, the approaches they use require careful consideration and planning. NIST IR 8523 provides a general overview of MFA, outlines design principles and architecture considerations for implementing MFA to protect CJI, and offers specific examples of use cases that agencies face today. It also outlines how public safety-specific technologies can support standards and best practices that provide agencies with maximum optionality to implement MFA in a way that promotes security, interoperability, usability, and cost savings.

For comments or questions on this document, please reach out to [email protected]

Related Topics

Security and Privacy: authentication

Laws and Regulations: First Responder Network Authority

Sectors: public safety

Created August 29, 2025, Updated September 04, 2025