Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Now Open for Public Comment | Multi-Factor Authentication for Criminal Justice Information Systems
NCCoE has released NIST IR 8523 ipd for public comment until 11:59 PM ET on Monday, April 14, 2025
The NIST National Cybersecurity Center of Excellence (NCCoE) has released released the initial public draft of NIST Internal Report (IR) 8523, Multi-Factor Authentication for Criminal Justice Information Systems for public comment until 11:59 PM ET on Monday, April 14, 2025.
Criminal and non-criminal justice agencies in the U.S. require the use of multi-factor authentication (MFA) to protect access to criminal justice information (CJI). MFA is important for protecting against credential compromises and other cyber risks such as attacks by cybercriminals or other adversaries that threaten CJI.
CJI is commonly accessed using computer-aided dispatch (CAD) and record management system (RMS) software, which communicate with a state-level message switch application. MFA architectures will likely need to integrate with one or both technologies. As agencies around the country begin to implement MFA solutions, the approaches they use require careful consideration and planning. This document provides a general overview of MFA, outlines design principles and architecture considerations for implementing MFA to protect CJI, and offers specific examples of use cases that agencies face today. It also outlines how CAD/RMS and message switch technologies can support standards and best practices that provide agencies with maximum optionality to implement MFA in a way that promotes security, interoperability, usability, and cost savings.
Submit comments or email us at psfr-nccoe [at] nist.gov (psfr-nccoe[at]nist[dot]gov) .