FHFA’s Chief Information Officer should identify and implement a solution, in coordination with vendors, to ensure that multifactor authentication is required to access FHFA’s network. If there are no viable solutions, document any risk-based decisions, including compensating controls.