MFA for
Defense and Aerospace

  Air-gapped, on-premise, and hybrid cloud MFA
  MFA for NIST 800-171 and CMMC 2.0
  Converged credentials

SurePassID is a leading provider of multi-factor authentication (MFA) compliance solutions to the U.S. defense industrial base (DIB).

D&A Circle

Take the pain out of DoD MFA requirements with SurePassID

The U.S. defense industrial base faces unprecedented cybersecurity challenges. Employees, contractors, and partners need access to applications and data across the IT/OT spectrum, often while working remotely using their own devices. Meanwhile penetration attempts using stolen credentials and insider attacks are at an all-time high, threatening Intellectual Property (IP), Personally Identifiable Information (PII), Classified Information (CI), and Controlled Unclassified Information (CUI).

This has led to multi-factor authentication (MFA) requirements that defense contractors must meet:

  • Cybersecurity Maturity Model Certification (CMMC) 2.0 Levels 2 and 3
  • Supplier Performance Risk System (SPRS) NIST 800-171 Self-Assessment (DFARS Interim Rule 252.204–7019)
  • Federal Acquisition Regulation (FAR) 52.204-21
  • Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012
  • Cyber Liability Insurance (CLI)

SurePassID specializes in advanced, deploy-anywhere MFA solutions for compliance with DoD MFA requirements. Customers from Top 5 prime contractors to small manufacturing companies rely upon us. You can too.


SurePassID provides the MFA solutions no other vendor can


Air-Gapped MFA

SurePassID locks down the most sensitive apps, data, and critical infrastructure with right-sized, right-priced MFA.


On-Premise MFA

SurePassID delivers highly extensible, highly scalable MFA with 99.999% availability in on-premise data centers or hosted private clouds.


Hybrid Cloud MFA

SurePassID's advanced, deploy-anywhere MFA platform enables enterprises to benefit from a 360° view of user authentication.


Where CUI goes, MFA must follow - and SurePassID does


Domain and OS logons


SurePassID MFA for Windows/MacOS/Linux with Offline 2FA

Web apps


SurePassID MFA via SAML2 or REST API

Mobile apps


SurePassID MFA via OpenID Connect or REST API

Legacy apps


SurePassID MFA via RADIUS, LDAP, TACACS+, REST API, or native integration


SurePassID MFA for Windows/MacOS/Linux with Offline 2FA


SurePassID MFA via SAML2 or REST API


SurePassID MFA via OpenID Connect or REST API


SurePassID MFA via RADIUS, LDAP, TACACS+, REST API, or native integration

Reap the benefits of SurePassID MFA for defense contractors

MFA for CUI everywhere

SurePassID makes it easy to lock down access to CUI with MFA. Our advanced, deploy-anywhere MFA solution goes wherever you need it.

Outstanding ROI

Right-sized, right-priced. Administrative automation. User self-service. Unrivaled technical support. Everything about SurePassID maximizes your ROI.

Regulatory compliance

No matter what cybersecurity mandate you must meet, SurePassID has the MFA solution you need for compliance - including phishing-resistant MFA.

99.999% availability

MFA is mission critical for defense contractors. SurePassID has the Five 9s (99.999%) availability, redundancy, and automatic failover you need.

Phishing-resistant MFA

FIDO2 and CAC/PIV are the forms of phishing-resistant MFA that exist today. SurePassID enables you to make the most of both.

Cyber liability insurance

Securing privileged accounts with MFA is a foundational requirement of CLI. Achieve it rapidly and cost-effectively with SurePassID.

360° view of user access

SurePassID delivers a 360 degree view of user access across your IT/OT apps and integrates it with your SIEM or SOAR solution.

AI-based access monitoring

SurePassID's optional AI-based monitoring automates the alerting and interventions for lateral movement and unauthorized access.


Top 5 prime contractor uses SurePassID for MFA consolidation


What our customers say about us - and our technical support

SurePassID is a valued partner for helping our clients achieve NIST 800-171 and CMMC 2.0 compliance. They meet requirements other MFA providers cannot and deliver outstanding support. We would recommend them to any company looking for a multi-factor authentication solution with a knowledgeable, committed team standing behind it.

SurePassID provided us with exceptional technical support during a major IT infrastructure transition that spanned two continents and our global satellite system, going above and beyond the call of duty to ensure that we achieved success and MFA continuity. They understand the mission-critical nature of our business like few other vendors.

In terms of support responsiveness, I have nothing but good things to say about SurePassID. Their team has always given us great support and responded to our issues and inquiries in a timely manner.

A complete solution with the widest selection of passkeys and tokens

Phishing-Resistant MFA and Passwordless MFA


Traditional MFA


Frequently asked questions about SurePassID MFA for the U.S. DIB

What makes SurePassID experts in MFA for defense?

SurePassID has been providing air-gapped, on-premise, and hybrid cloud MFA solutions for defense contractors since 2012.

50% of our customer base is comprised of companies that fall within the U.S. DIB.

We don't talk about what we do for our defense customers - silence isn't just golden, it's our ironclad policy - but you can see some of their logos above.

I need an MFA solution yesterday. How long does it take to deploy SurePassID?

Cloud deployments can occur same day.

On-premise and air-gapped deployments will vary depending on the complexity of your requirements.

Regardless, our Customer Success team will be with you every step of the way.

Phishing-resistant MFA - am I required to implement it?

It depends.

For most CMMC 2.0 Level 2 or 3 compliance, no. If you handle highly sensitive CUI, maybe. It will depend on the DoD contract. Always consult your compliance department or outside expert.

For defense contractors that are covered entities and subject to flowdown requirements for OMB M-22-09, yes - with a caveat. Here the key language is "wherever possible." Phishing-resistant MFA is not always possible in highly-constrained environments, meaning you may not need a 100% phishing-resistant solution across all user access. Again, always consult your compliance department or outside expert.

For cyber liability insurance (CLI), maybe. Depending on the size and sophistication of your company, your insurer may incentivize - or require - phishing-resistant MFA in order to qualify for coverage. This requirement is already impacting large enterprises in the Fortune 1000. We expect to see more companies in the U.S. DIB impacted by it in the future.

Can SurePassID integrate with my IAM solution?

As a SAML 2.0 IdP, SurePassID easily and seamlessly adds MFA to any existing IAM solution, such as Okta or Ping Identity.

SurePassID also integrates with Third-Party directory services, such as Workday, Oracle, and SAP.

We even integrate with legacy SCADA systems that have built-in user directories.

How secure is SurePassID?

SurePassID is the most hardened MFA solution on the market. We never stop innovating to protect our customers from evolving cyberthreats.

  • USA company with only U.S. citizen employees
  • Secure SBOM (Software Bill of Materials)
  • Secure user and token provisioning (QR code to one-time-use provisioning page)
  • Comprehensive logging and audit trail
  • FIPS 140 mode
  • AES 256 encryption for data at rest
  • SHA 256 or SHA 512 encryption for data in transit
  • And much more...

How can we help you?

Talk to one of our MFA experts about your specific requirements as a defense contractor. Or request a free trial and see how easy it is to secure your user access and CUI with SurePassID.