Multi-Factor Authentication (MFA) for Unclassified & Secret DoD Networks : Department of Defense , October 24 , 2025
Multi-Factor Authentication (MFA) for Unclassified & Secret DoD Networks : Department of Defense , October 24 , 2025
From the document: "DoD Instruction (DoDI) 8520.02, "Public Key Infrastructure (PKI) and Public Key Enablement (PKE)," (reference a) and DoDI 8520.03, "Identity Authentication for Information Systems," (reference b) establish DoD-approved PKI as the principal and preferred "means of authenticating persons to Department of Defense (DoD) systems and applications." Reference (b) also authorizes the use of DoD-approved non-PKI methods of Multi-Factor Authentication (MFA) when DoD-approved PKis are impractical or infeasible. This memorandum establishes DoD non-PKI MF A policy and identifies DoD-approved non-PKI MF As based on use cases.
This memorandum replaces Section 3.3 and modifies Section 3.5 of DoDI 8520.03. Specifically, Attachment 1 updates the process for determining the method of authentication required for users to access DoD resources. Attachment 2 provides the current list of DoD-approved non-PKI MF As, Attachment 3 provides general non-PKI MF A implementation requirements, and Attachment 4 lists DoD-approved non-PKI MF A use-cases and provides supplemental implementation requirements for those use-cases. The contents of Attachments 1 and 3 of this memorandum will be incorporated into DoDI 8520.03 within 12 months of signature of this memorandum, while Attachments 2 and 4 will be made available to the DoD community and updated when new use-cases or exceptions are approved per the process in Attachment 2."
Authors - Chief Information OfficerRelated Resources
