WinMagic Writes Open Letter on New NSA and CISA IAM Guidance

MISSISSAUGA, Ontario, Oct. 30, 2023 (GLOBE NEWSWIRE) -- WinMagic Inc. (the “Company” or “WinMagic”) a leading innovator in data security solutions, enthusiastically commends the joint efforts of the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in creating their groundbreaking document, "Developer and Vendor Challenges: Identity and Access Management." This document provides invaluable assistance to vendors and developers within the cybersecurity community, promising significant benefits to the industry as a whole.

WinMagic has carefully reviewed the document and has released an open letter with a set of innovative suggestions, presented in two distinct sections, "MFA Definitions and Policy Changes" and "Standards Improvement Opportunities." These suggestions aim to address contemporary challenges and align with the industry's zero-trust principles. WinMagic acknowledges that some of these proposals may seem unconventional; however, the Company firmly believes that this unique perspective is well-suited to the current state-of-the-art technologies and the industry's evolving landscape.

"Progress is driven by sharing insights and innovative perspectives,” said Thi Nguyen-Huu, founder and CEO. “At WinMagic, we felt compelled to contribute our thoughts and innovation to support the collective pursuit of enhanced security in an ever-evolving cybersecurity landscape."


Firstly, WinMagic suggests differentiating between endpoint access and access to other resources, as the considerations for multi-factor authentication (MFA) can vary significantly between these scenarios. Furthermore, the Company advocates for the notion that the server or system should verify the user's endpoint rather than the user directly, aligning with the principles of continuous verification and zero-trust security.

WinMagic also recommends that the federation protocol should facilitate endpoint information, enabling more accurate and user-friendly authentication without requiring users to perform any authentication steps. This information can also support zero-trust aspirations, achieving "always verify" through continuous monitoring, event-driven updates and real-time security posture assessment.

WinMagic has a long history of delivering continuous innovation in data security, with products trusted by the most security-conscious organizations and government agencies, including those with classified data. The Company has achieved numerous certifications and is committed to enhancing the security landscape.

WinMagic appreciates the NSA and CISA's commitment to improving user authentication and looks forward to the opportunity to engage in further discussions to help implement and refine these progressive ideas. The Company’s collective goal is to accelerate the realization of a zero-trust security environment while ensuring a frictionless experience for users.

About WinMagic

WinMagic is a leading developer of cybersecurity solutions that, for 25 years, has raised the bar for endpoint encryption. Over 2,500 businesses and government agencies trust the company with over 3 million active licenses globally. The WinMagic authentication and encryption suite protects your company’s data, on-premises or in the cloud. WinMagic delivers a seamless authentication and encryption experience that increases productivity while protecting users and data.

For media inquiries or further information, please contact:

Follow Us on Twitter: @WinMagic
Join us on LinkedIn: WinMagic
Subscribe to our YouTube Channel: WinMagic
Like Us on Facebook: WinMagic Data Security