[All_jlab_accounts] JLab Continues Rollout of MultiFactor Authentication

Mon Dec 12 16:14:05 EST 2016

/Sent on beh//al//f of the Jefferson Lab I//nformation Technology Division/*
*

*Background*

If you work with sensitive information, you may be impacted by the 
upcoming rollout of multifactor authentication (MFA) in Jefferson Lab’s 
computing environment. In order to better protect data and systems at 
the Laboratory, and in collaboration with a broader initiative across 
the DOE complex, Jefferson Lab is rolling out MFA to staff and users 
with access to sensitive information. MFA usually combines a pin or a 
password with some kind of hardware token or card, which makes it more 
difficult to compromise an account. The Lab is rolling out a version of 
MFA that requires a PIN+smartcard token.

*What does this mean for you?*

Jefferson Lab already has implemented MFA to protect certain types of 
sensitive data/systems, such as those on the business services network. 
In order to comply with the current DOE initiatives and align with 
best-business practices, the Lab will be enhancing our MFA 
implementation using an approach that will minimize the impact on Lab 
mission while reducing risk. We thank everyone who has participated in 
the surveys over the past few months, in which we have been able to 
collect valuable information to help identify computers, group 
directories, and user accounts that should be protected using MFA.

Changes will include requiring MFA for some users, and a split of the 
group file server into separate areas for Open Science versus 
Sensitive/MFA-protected information areas. Most staff will require MFA 
tokens/smart cards for login access to JLab systems. Most non-staff 
(users, contract services, etc.) will continue to use passwords at this 
time.

To find out if you will require an MFA token or smart card based on the 
systems you access, visit: 
https://misportal.jlab.org/mis/apps/cni/accounts/myMFA.cfm

*Upcoming changes*

Starting Tuesday, December 13, 2016, the IT Division will begin 
distributing MFA tokens to those who do not yet have them but will need 
them, and we appreciate your cooperation in this effort. For your 
convenience, Helpdesk staff will carry out this distribution on a 
planned schedule – visiting a number of the lab’s buildings over several 
days. Staff may also visit the Helpdesk in CEBAF Center to obtain their 
MFA token at any time. Staff who are available to pick up their MFA 
token or smart card are encouraged to do so before the end of the year; 
however, the distribution will continue in January. Although smartcard 
authentication will not be required before January, we encourage users 
to begin using their smartcards to login immediately, as it will give us 
confidence that the system is working and no users will be adversely 
affected when it becomes required.

During the holiday shutdown, on December 27, 2016, the IT Division will 
perform the group file server split. Users may experience intermittent 
outages on December 27-28 while this work is being performed. More 
information about this work is provided at the link below and will be 
made available soon.

*More Information*

For more information, including a card issuance schedule by building, 
FAQs and details on how these changes will impact you, please visit the 
following website: https://www.jlab.org/mfa

---

/Sent on beh//al//f of the Jefferson Lab I//nformation Technology Division/*
*

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/all_jlab_accounts/attachments/20161212/5a5a30a5/attachment.html>