The Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have published an initial draft of an interagency report that aims to address cyberthreats targeting identity tokens and assertions.
CISA said Monday that the draft report, titled “Protecting Tokens and Assertions from Forgery, Theft and Misuse,” is open for public comments through Jan. 30.
The report adheres to the cybersecurity directive issued by the White House in June. This EO—focused on sustaining national cyber defenses—updates and amends previous guidelines found in Executive Orders 13694 and 14144.
Understand the threats American systems are facing amid increasing global tensions at the Potomac Officers Club’s 2026 Cyber Summit on May 21. The summit is open to businesses that want to learn from industry leaders or connect with key decision-makers across the public and private sectors. Click here to secure your tickets.
Why Are Cybercriminals Targeting Identity Tokens?
CISA warns that cybercriminals are compromising identity tokens and assertions—through theft, modification or forgery—to infiltrate protected resources. The agency added that recent cyber incidents impacting cloud service providers involved some form of identity tokens and assertions misuse.
For instance, during the SolarWinds compromise in 2020, malicious actors forged Security Assertion Markup Language to bypass multi-factor authentication and access protected resources.
In another attack, foreign actors forged tokens and assertions to hack into email systems that multiple federal agencies used.
The report provides the cloud service providers and agencies with architectural considerations and recommended enhancements to safeguard identity tokens and assertions.
