The U.S. president has set forth in Executive Order M-22-09 “a Federal Zero Trust Architecture (ZTA) Strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns. Those campaigns target Federal technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.”

 

So what does this mean for you and how does it affect your business? 

 

The president is showing all U.S. businesses that the Government sees cyber threats as a clear and present danger. The Government recognizes that logging into applications is not safe even from a known and trusted network. Sign-ins from such a network must not be considered any less risky than sign-ins from the public internet.

 

To support the president’s decree, Executive Order M-22-09 references the Cybersecurity and Infrastructure Security Agency’s (CISA) five pillars of a Zero Trust Cyber Security Framework – Identity, Devices, Networks, Applications and Workloads, and Data.

 

Specifically, the first pillar, Identity, sets forth that agency staff use enterprise-managed identities to access the applications they use in their work. In addition, using phishing-resistant multi-factor authentication (MFA) protects those personnel from sophisticated online attacks.

 

One such phishing-resistant MFA solution is typing dynamics. Typing dynamics is a behavioral biometric method that takes into account how a person is using a device — the speed of their typing, how they hold a device, and more — not just whether their password was entered correctly. Benefits of typing dynamics include a better user experience, faster authentication and improved security that keeps hackers at bay.

 

In short, the president’s strategy places emphasis on stronger enterprise identity and access management controls, including phishing-resistant MFA. Without secure, enterprise-managed identity systems, adversaries can take over user accounts and gain a foothold in an agency to steal data or launch attacks. This strategy sets a new baseline for access controls across the Government that prioritizes defense against sophisticated phishing and directs agencies to consolidate identity systems so that protections and monitoring can be consistently applied. Tightening access controls will require agencies to leverage data from different sources to make intelligent decisions, such as analyzing device and user information to assess the security posture of all activity on agency systems. 

 

As President Biden stated, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”

 

Having the government lead by example should inspire U.S.-based businesses to do their part to help protect the American way of life. And that starts with protecting themselves first. Implementing phishing-resistant MFA is a first step to achieving a solid security posture and securing the backbone of America.

 

Learn more about MFA and typing dynamics from Optimal IdM by downloading your copy of “Typing Biometrics and Other Multi-Factor Authentication Methods”: https://optimalidm.com/resources/blog/typing-biometrics-and-other-multi-factor-authentication-methods
