NIM UI should Authenticate against an approved Enterprise directory (For example: ACF2, RACF, AD, LDAP, etc.....) and not use local Authentication.
Access to the NIM UI should have MFA enabled and be only through a Privileged Access Management software tool.