- If investigations reveal successful authentication:
- Follow your established incident response procedures.
- Expire user sessions and reset affected user credentials immediately.
- Remove and re-add MFA devices as needed to ensure unauthorized additions are removed.
- Monitor for unauthorized changes in user settings or permissions.
- Report cyber incidents to the FBI's IC3 and the NJCCIC.
