SCF - IAC-06 - Multi-Factor Authentication (MFA)
Automated mechanisms exist to enforce Multi-Factor Authentication (MFA) for:
- Remote network access;
- Third-party systems, applications and/or services; and/ or
- Non-console access to critical systems or systems that store, transmit and/or process sensitive/regulated data.
Mapped framework controls
NIST 800-53
- IA-2(1)
- IA-2(2)
Control questions
Does the organization use automated mechanisms to enforce Multi-Factor Authentication (MFA) for:
- Remote network access;
- Third-party systems, applications and/or services; and/ or
- Non-console access to critical systems or systems that store, transmit and/or process sensitive/regulated data?