Official websites use .mil
Secure .mil websites use HTTPS
DCMA Information Technology
The Defense Contract Management Agency’s Information Technology Cybersecurity team champions Cybersecurity Awareness Month, known as CSAM, to ensure good cyber habits. With the holiday online purchasing season approaching, October is the ideal time for personnel to learn about their cyber presence and the role cybersecurity plays in keeping DCMA, its customers and the warfighter secure.
Week One focuses on using multifactor authentication, known as MFA.
What is MFA?
Multifactor authentication is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as a laptop, application or online account. MFA is a core component of a strong identity and access management policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyberattack.
Why does DCMA Utilize MFA?
Usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties or adversaries. Enforcing the use of an MFA means compliance with Federal and Department of Defense mandates and increased confidence DCMA will stay safe from cyber criminals.
How Does MFA work?
MFA works by requiring two or more authentication factors. Authentication factors include:
DCMA utilizes common access cards, or CACs, and a PIN for multifactor authentication to DCMA assets and resources. In cases where CAC authentication is not supported, an alternative MFA method can be used. One of the most common ways to implement MFA is the use of one-time passwords, or OTPs. OTPs are the four to eight-digit codes often received via email, SMS or mobile app to authenticate your access. With OTPs, a new code is generated periodically or each time an authentication request is submitted.
MFA Examples
There are many ways to implement MFA. These options often depend on what the application or resource supports. Common examples include:
Knowledge
Possession
Inherence
Enforcing MFA is the first line of defense against cyberattacks, so don’t forget to update login options to enable MFA whenever possible.
For more information about MFA or other cybersecurity topics, visit the agency’s Cybersecurity Awareness Month 365 page (login required).
Fulcrum Strategy
The Office of the DOD Chief Information Officer developed a new strategy outlining ways to leverage the power of IT to drive transformative change.
Learn more
Media Relations: (602) 299-0294 Email us. FOIA Requests: (804) 609-4533
Download the DCMA Media Kit Jun 2025 (PDF)