Health Check on Modern MFA Capabilities for NHS

This solution brief outlines the modern multi-factor authentication (MFA) capabilities that NHS organisations must prioritize to comply with new NHS England requirements. The document details the necessity for NHS trusts and related bodies to implement MFA by February 2024 and achieve full compliance by June 2024. It emphasizes the importance of understanding user identities and the need to balance security with convenience. The brief highlights the requirement for MFA to be enforced on all remote user access and privileged user access to external systems. Additionally, it discusses the need for MFA solutions to be adaptable across various environments and to provide expansive user choice. The document also addresses the increasing cyber threats targeting NHS digital systems and the critical role of MFA in enhancing the overall security posture of NHS organisations. It concludes by encouraging NHS trusts to review their identity and access management strategies in light of the new MFA mandate.