PACER and CMECF Multi Factor Authentication
Enabling TOTP for a Secret Server with PACER
Introduction
The Administrative Office of the U.S. Courts (AO) will implement Multi-Factor Authentication (MFA) for PACER and CM/ECF systems starting May 11, 2025, to enhance security against cyberattacks. MFA is mandatory for CM/ECF users (e.g., attorneys, trustees) by December 31, 2025, and optional for PACER-only users.
Delinea, a leader in Privileged Access Management (PAM) and identity security, offers robust MFA solutions through its Secret Server and Delinea Platform to meet these requirements, ensuring secure access, compliance, and seamless integration with existing systems.
Challenges of the New MFA Requirements
User Experience:
- Balance security and usability
- Prevent delays in filing or accessing records
Compliance:
- Follow federal security standards
- Maintain operational efficiency
Mandatory MFA for CM/ECF Users:
Third-Party Software Compatibility:
- Ensure third-party filing software supports MFA
- Avoid disruptions in filing
How Delinea Addresses These Challenges
- Delinea Secret Server & Platform offer comprehensive MFA solutions
- Tailored for federal court systems
- Ensures compliance, security, and usability
Secret Server MFA Integration
- Secure Access: Protects sensitive systems like PACER and CM/ECF with multiple authentication methods.
- Supported MFA Providers: Google Authenticator, Microsoft Authenticator, Duo Security, RSA SecurID, and any RADIUS-compliant provider (TOTP or push notifications).
- RADIUS Integration: Compatible with existing court IT infrastructure and third-party software.
- Backup Options: Out-of-band authentication (phone calls, SMS) or backup codes to prevent lockouts during critical filings.
- Ease of Enablement: Quick MFA deployment to meet the May 2025 rollout.
Delinea Platform MFA
- Flexible & Cloud-Based: Adaptive MFA enhances security without compromising user experience.
- Context-Based Authentication: Triggers MFA only when needed using factors like location, device, or network.
- Authentication Profiles & Policies: Tailored MFA profiles ensure CM/ECF users meet mandatory requirements; PACER-only users can opt-in.
- Delinea Mobile App: Vaults OATH tokens for secure OTP generation, compatible with court systems.
- Federated Authentication: Integrates with external identity providers (Okta, Ping Identity) via SAML or Active Directory with Kerberos/IWA.
Delinea MFA Compatibility
- Third-Party Software: Ensures compatibility with PACER and CM/ECF filing software.
- Standards Compliance: Adheres to RADIUS and OATH standards for interoperability with court-approved software and testing environments.
- API Support: Provides APIs for custom integrations, minimizing workflow disruptions.
- Testing & Validation: Allows users to test MFA in controlled environments, aligning with PACER QA recommendations.
Privileged Account Security with Delinea
- Privileged Access Management: Secret Server secures privileged accounts with MFA at login, privilege elevation, or password checkout.
- Behavior-Based Access Control: Applies MFA based on risk ratings for high-risk actions like accessing sensitive case files or modifying records.
- Continuous Monitoring: Integrates with SIEM systems for real-time threat detection, ensuring compliance with federal cybersecurity standards.
Delinea: Security & Usability
- Single Sign-On (SSO): Combines MFA with SSO to reduce password fatigue and enable access to multiple court systems.
- Training & Support: Provides documentation and training to educate users on MFA setup and usage.
- Backup Authentication: Offers backup codes and secondary devices to prevent lockouts and meet filing deadlines.
Delinea Compliance & Security
- Single Sign-On (SSO) Integration: Supports standards like NIST, HIPAA, and PCI to meet federal court security requirements.
- Audit & Reporting: Provides comprehensive logs and reports for MFA usage, helping courts demonstrate compliance during audits.
- Secure Remote Access: Ensures MFA for remote access aligns with guidelines like IRS Publication 1075 for sensitive data handling.
Implementation Recommendations
To leverage Delinea for PACER and CM/ECF MFA compliance:
Deploy Secret Server for CM/ECF Users:
- Enable MFA with Google Authenticator or Duo Security for mandatory users
- Integrate with RADIUS for compatibility
Use Delinea Platform for Adaptive MFA:
- Configure context-based policies for PACER-only users
- Encourage voluntary enrollment
- Avoid disrupting workflows
Test in QA Environment:
- Validate third-party software compatibility in the PACER QA environment
- Use Delinea’s API and RADIUS support
Train Users Early:
- Provide training sessions before May 11, 2025
- Ensure smooth adoption for users
- Focus on CM/ECF users facing mandatory enrollment
Monitor and Audit:
- Use Secret Server’s monitoring and reporting tools
- Track MFA usage
- Ensure compliance by December 31, 2025
Conclusion
- Delinea Secret Server & Platform meet AO’s MFA requirements for PACER and CM/ECF
- Provide robust, flexible, and user-friendly MFA
- Enable seamless third-party integration
- Ensure compliance with federal standards
- Protect sensitive court systems against cyberattacks
- Support smooth transition to MFA by the 2025 deadline
Contact Info
Our Location
- Brady McMillan Commercial Account Executive, New York