NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems

Share

The NIST National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Interagency Report (IR) 8523, Multi-Factor Authentication for Criminal Justice Information Systems

Credential compromises represent an emergent cybersecurity threat, serving as a gateway for malicious actors to infiltrate networks and systems and gain access to sensitive data. Whether through phishing, brute-force attacks, or exploiting vulnerabilities in authentication mechanisms, credential compromises can pose significant risks to organizations and individuals. 

The Criminal Justice Information Services (CJIS) Security Policy (versions 5.9.2 and later) requires the use of multi-factor authentication (MFA) to protect access to criminal justice information (CJI). As both criminal and noncriminal justice agencies around the country begin to implement this requirement, they can face several technical implementation challenges.

NIST IR 8523 can help agencies identify and address their MFA implementation needs by providing insight into MFA architectures, associated technologies, and how they can be used to meet law enforcement-specific use cases. This publication also outlines how computer-aided dispatch (CAD) and record management systems (RMS) can support standards and best practices that provide agencies with multiple ways to implement MFA.

To ensure the relevance of this publication’s content, the NIST and the FBI CJIS teams engaged with agencies around the country on their current and future MFA implementations, as well as law enforcement technology vendors on their current and future support for MFA standards and best practices. The architectures, use cases, technologies, and challenges in this publication are heavily based on those discussions. 

Join the Community of Interest

Join our NCCoE Community of Interest (COI) to receive project updates and learn more about our work! Visit the NCCoE webpage to learn more about our work in the Public Safety/First Responder sector.

 

View the Publication

View this on the NCCoE website

Information technology and Cybersecurity and privacy
Released September 3, 2025, Updated September 9, 2025
Was this page helpful?