The Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have published an initial draft of an interagency report that aims to address cyberthreats targeting identity tokens and assertions.
CISA said Monday that the draft report, titled “Protecting Tokens and Assertions from Forgery, Theft and Misuse,” is open for public comments through Jan. 30.
The report adheres to the cybersecurity directive issued by the White House in June. This EO—focused on sustaining national cyber defenses—updates and amends previous guidelines found in Executive Orders 13694 and 14144.
Understand the threats American systems are facing amid increasing global tensions at the Potomac Officers Club’s 2026 Cyber Summit on May 21. The summit is open to businesses that want to learn from industry leaders or connect with key decision-makers across the public and private sectors. Click here to secure your tickets.
Why Are Cybercriminals Targeting Identity Tokens?
CISA warns that cybercriminals are compromising identity tokens and assertions—through theft, modification or forgery—to infiltrate protected resources. The agency added that recent cyber incidents impacting cloud service providers involved some form of identity tokens and assertions misuse.
For instance, during the SolarWinds compromise in 2020, malicious actors forged Security Assertion Markup Language to bypass multi-factor authentication and access protected resources.
In another attack, foreign actors forged tokens and assertions to hack into email systems that multiple federal agencies used.
The report provides the cloud service providers and agencies with architectural considerations and recommended enhancements to safeguard identity tokens and assertions.
Related Articles
The Department of War will add xAI for Government to GenAI.mil, its bespoke platform that brings generative artificial intelligence capabilities to all civilians, contractors and military personnel under DOW. The department said Monday that it entered into an agreement with xAI for the company’s suite of frontier‑grade capabilities, which are based on the Grok family of models. DOW expects initial deployment in early 2026. The Potomac Officers Club will host a panel on artificial intelligence at the 2026 Defense R&D Summit on Jan. 29. Leaders from across the Pentagon and industry are gathering at the event to discuss the key
The Department of Health and Human Services has released a proposed rule aimed at streamlining federal health IT certification requirements, strengthening patient protections against information blocking and laying new groundwork for artificial intelligence-enabled data exchange across the healthcare system. HHS said Monday that the Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity proposed rule, known as HTI-5, advances the administration’s deregulation and AI leadership agenda. The proposal was released through the assistant secretary for technology policy and Office of the National Coordinator for Health Information Technology. Federal healthcare agencies are navigating large-scale modernization efforts while balancing interoperability,
The National Institute of Standards and Technology is investing $20 million to establish two new artificial intelligence centers focused on U.S. manufacturing productivity and the cybersecurity of critical infrastructure through an expanded collaboration with MITRE. NIST said Monday that the initiative creates the AI Economic Security Center for U.S. Manufacturing Productivity and the AI Economic Security Center to Secure U.S. Critical Infrastructure from Cyberthreats. MITRE will operate both centers in partnership with NIST, industry and academic institutions. AI is moving from pilot programs to operational use across federal agencies. The 2026 Artificial Intelligence Summit convenes government and industry practitioners to