The Library of Congress wants to update its identity and access management process to require multifactor authentication.
According to a Request for Information (RFI) posted Monday to Federal Business Opportunities, the library is looking for assistance “in its review of the current solutions being offered in the marketplace for multifactor authentication.” Multifactor authentication requires a user to provide at least two things — like a password and a possession — to gain access to a system.
The final product, according to officials, would allow for fast onboarding and offboarding of users and the management of credentials and accounts for both on-premise and cloud-based systems. The library, which bills itself as “the world’s largest and most comprehensive,” maintains extensive digital collections and catalogs.
Multifactor authentication also would provide fast implementation and deactivation of existing authentication, allow for both managed and unmanaged configurations, and will be able to link with HR systems, the RFI says.
According to the library’s fiscal 2017 budget justification, a major focus is on implementing “critical” information technology improvements, including strengthening its security protections and enhancing network access protection to two-factor authentication.
The library asked for $6.56 million in fiscal 2017 to enhance IT security as part of its 2016-2020 strategic plan.
The RFI includes a list of 10 requirements, including that it provide robust reporting features, and “informative and intuitive” management console, support for account life-cycle management and a flexible policy for multiple authentication scenarios. It must also be a single-vendor solution, manage accounts on multiple platforms such as cloud-based systems, integrate with HR management systems, and be able to manage user accounts and passwords.
It must also provide multifactor support such as voice, biometrics and one-time password applications, and provide the identity and access management system as a service.
Responses to the RFI are due April 6, while questions surrounding the request are due two weeks before that date.