>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IAM-14Multifactor Authentication

>Control Description

Multi-factor authentication is required for: • remote VPN sessions • access to trusted data environments

Theme

Technology

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Ensure remote connection to the corporate network is invoked via VPN and VPN in turn invokes Multi-factor authentication

>Testing Procedure

1. Inspect Organization's Remote Access Standard to determine whether requirements for remotely connecting to the corporate network are defined. 2. Observe a user remotely connect to the Organization Corporate Network via VPN. 3. Inspect system configuration of VPN software to determine whether Multi-factor authentication is required. 4. Perform a walkthrough of system connecting to Organization network remotely via vpn software to determine whether Multi- factor authentication is required for remote VPN session.

>Audit Artifacts

E-IAM-19
E-IAM-20
E-IAM-21

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
1

PR.AC-7

CIS Controls
5

5.2
6.3
6.4
6.5
13.5

FedRAMP Rev 5
6

AC-20
IA-02 (01)
IA-02 (12)
IA-08
MA-04
IA-02 (02)

PCI DSS
4

8.4
8.4.1
8.4.2
8.4.3

HIPAA Security Rule
1

164.312(d)

SOC 2
2

CC6.1
CC6.6

BSI C5
9

COS-02
COS-04
COS-05
COS-08
IDM-01
IDM-08
+3 more

TX-RAMP
4

AC-20
IA-2(1)
IA-8
MA-4

Ask AI

Configure your API key to use AI features.