SecurID Service Incident - Authenticator registrations

Incident Report for RSA ID Plus

Postmortem

An incident March 15th 09:22PM UTC – March 16th 01:18AM UTC prevented users from registering new authenticators. Once our customer support team notified us that customers were reporting issues with authenticator registration, our Operations and Engineering teams rapidly identified and mitigated the issue.

Prior to the incident, RSA SecurID SaaS Operations was performing a key rotation exercise. During this exercise, an access policy permission set was inadvertently updated, locking out read rights to the services utilized for authenticator registrations. The faulty permission set update was further diagnosed to an SDK incompatibility. The Operations teams mitigated the issue by manually correcting permissions on the impacted policies.

RECOVERY

RSA is continuously taking steps to improve the RSA SecurID Access service and our processes to help ensure such incidents do not occur in the future. In this case, steps include (but are not limited to):

SecurID SaaS Operations has added additional monitoring specific to the authenticator registration service access policies.
Engineering has done a full audit of usages of the impacted SDK. All services have been migrated off the incompatible version.
Additional automated testing has been added to validate the SDK in use is current for future releases.

Posted Mar 31, 2023 - 18:58 UTC

Resolved

The issue affecting SecurID authenticator registrations has been corrected.

We will post a root cause analysis as soon as it is available.

Posted Mar 16, 2023 - 01:18 UTC

Investigating

We have detected an issue affecting new authenticator registrations. At this time end users are unable to complete any new registrations using either the SecurID or the Authenticate App. SaaS Operations is investigating the issue and will post updates as they become available.

Posted Mar 16, 2023 - 00:53 UTC

This incident affected: RSA ID Plus Authenticate App (iOS, Android, Windows 10).