BEDFORD, MA—September 5, 2023—RSA, the security-first identity leader, announced that it will add support for the Open Authentication (OATH) open standard at the Billington CyberSecurity Summit today. RSA’s support for open standards and the company’s own solutions can help government agencies fulfill key cybersecurity mandates—including directives for the implementation of zero trust network architecture, the adoption of multi-factor authentication (MFA), and the use of cloud technology, enterprise-managed identities, and phishing-resistant capabilities—outlined in EO 14028, NSM-8, and M-22-09, among others.

Support for OATH advances previous RSA commitments to open standards that create more secure ecosystems and provide customers with greater choice. RSA has served on the FIDO Alliance’s board since 2014 and is currently part of its Enterprise Deployment Working Group and the FIDO2 Technical Working Group. The RSA DS100 Authenticator combines both OTP and FIDO protocols in a single form factor. In 2022, RSA received Federal Risk and Authorization Management Program (FedRAMP) JAB authorization for RSA ID Plus for Government, which helps government agencies operate securely in the cloud. RSA is the only vendor that provides both a DOD-approved authenticator and verifier. OpenID® Connect (OIDC) certified the ID Plus OIDC connection.

RSA will leverage decades of security-first pedigree and innovative solutions to fortify customers’ use of open standards. RSA back-end infrastructure provides out-of-the-box, end-to-end security solutions that can support a range of authenticators and defend against emerging cybersecurity threats: for instance, the September 2023 RSA Mobile authenticator update will introduce code-matching capabilities to defend against prompt bombing and MFA fatigue attacks. This capability aligns with upcoming NIST SP 800-63B-4, NISTSP 800-63 Revision 4, as well as the Cybersecurity & Infrastructure Security Agency’s (CISA’s) October 2022 guidance. RSA® Risk AI uses behavioral analytics and machine learning to dynamically assess security transactions in real-time and automate responses. RSA® Mobile Lock helps establish trust in unmanaged BYOD devices by scanning for critical vulnerabilities. And RSA Federal can further augment these identity security solutions with extended threat detection and response capabilities.

“Recent governmental cybersecurity mandates are positive, foundational catalysts for ensuring the resilience of critical infrastructure and assuring national security interests,” said RSA CEO Rohit Ghai. “In order to stay ahead of adversaries, government agencies and their affiliates will need to focus not just on compliance but innovating in partnership with vendors that build security-first best practices into how they engineer, supply, and support their solutions.”

“For decades, government agencies have turned to RSA to help them secure their identity infrastructures. With government agencies struggling to meet M-22-09 and move to zero-trust architecture by September 2024, RSA is implementing additional solutions to help the public sector defend against the most frequent cyberattacks and fulfill multi-factor authentication requirements,” said RSA Federal President Kevin Orr.

“To protect critical infrastructure, the public sector needs identity solutions that are built on security,” said RSA Chief Product Officer Jim Taylor. “From our security-first supply chain to our Department of Defense-approved authenticator and verifier, RSA has built decades of security expertise into everything we do.”

“We believe in open standards as the best way to support our customers with secure and scalable authentication solutions,” said Jeff Wallace, SVP Product at Yubico. “RSA’s upcoming support for OATH will ensure that government agencies, systems integrators, and third-parties can work together and accelerate progress in protecting critical infrastructure.”

Media Contact

About RSA

The AI-powered RSA Unified Identity Platform protects the world’s most secure organizations from today’s and tomorrow’s highest-risk cyberattacks. RSA provides the identity intelligence, authentication, access, governance, and lifecycle capabilities needed to prevent threats, secure access, and enable compliance. More than 10,000 security-first organizations trust RSA to manage 59 million workplace identities across on-premises, hybrid, and multi-cloud environments. For more information, go to