The ARC has endorsed Multi-factor Authentication (MFA) functionality when accessing ARC Systems including RMS and SEER. MFA will also apply to other entities instances of RMS, including DESE, Defence and ONI. MFA adds another layer of protection to the RMS and SEER sign-in process. Users will be asked to provide additional verification by receiving a code via an Authenticator App, such as on a phone or other device, and entering that code into RMS or SEER as a second tier of identification.
As part of the ARC’s compliance with the Information Security Manual (ISM) and Essential 8, MFA will become mandatory for users with privileged access from30June 2022and optional for other users. Users with privileged access include Users with a staff role that entitles users to additional system access, for example staff of Government entities (ARC, DESE, ONI and Defence) and Research Office/Lead Agency staff involved in grants administration.
Passwords will remain a minimum of 14 characters, but the length of time between the mandatory password reset will be 12 months.
MFA will be rolled out to other users in the future, however there is the option for all users to opt into this functionality from 30 June 2022.