What is Multi-Factor Authentication?

Physical Security Under NIST 800-171
December 16, 2017
Free of charge $10 Simply no Deposit Reward $ For Showmanship Gambling establishment Free of charge Gambling establishment Slot Video games For
May 28, 2022

What is Multi-Factor Authentication?

In the past year, ransomware attacks have grown, malicious outsiders have continued to poke and prod at company networks, and insiders have increased as a potential threat. One common control to mitigate the risk of each of these is multi-factor authentication (MFA).
MFA is also known as two-factor authentication (2FA). This security enhancement is a critical control in the IAAA model to protect your organization. Everyone’s familiar with the first factor of authentication. We have usernames and passwords all over the internet, and most of us use them at work every day. So MFA extends this concept to something other than basic credentials.
Passwords fall into the first of three categories: something you know (like a password or PIN), something you have (like a token or authenticator code), or something you are (like your fingerprint or retina). MFA requires that your credentials come from two different categories. This means that logging into an application separately than logging into your computer is not a second factor. It’s the same factor a second time – even if the passwords are different.
When should I use MFA? In short, MFA should be used wherever possible, but especially for access boundaries related to sensitive data.
  • NIST 800-171: YES
  • PCI: YES
NIST 800-171 requires it for almost every user. That’s all remote users, all admin users regardless of location, and all network access users (see requirements 3.5). So the only thing a user can do without MFA and still be compliant under NIST 800-171 is log on to a machine not connected to the network. How many of those do you have in your environment?
Contact Risiden to understand more about NIST 800-171’s identification and authentication requirements, or other areas where your compliance is in question.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.