Multifactor

A form of authentication that relies on two or more "factors", where a factor is "something you have" such as a smartcard, "something you know" such as a password or PIN, and "something you are" such as a physical fingerprint or a behavioral keyboard cadence.

Cloud Controls Matrix (CCM) Data

SA-07 | Security Architecture | Remote User Multi-Factor Authentication

Control Specification

Multi-factor authentication is required for all remote user access.

Architectural Relevance

Physical | Network | Compute | App | Data
False | True | True | True | True

Corp Gov Relevance

Corp Gov Relevance
False

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | True

Scope Applicability

COBIT 4.1: -
HIPAA / HITECH Act: -
ISO/IEC 27001-2005: A.11.1.1, A.11.4.1, A.11.4.2, A.11.4.6, A.11.7.1

NIST SP800-53 R3: AC-17, AC-20, IA-1, IA-2, MA-4

FedRAMP (Final 2012) Low Impact:
NIST SP 800-53 R3 AC-17
NIST SP 800-53 R3 AC-20
NIST SP 800-53 R3 IA-1
NIST SP 800-53 R3 IA-2
NIST SP 800-53 R3 IA-2 (1)
NIST SP 800-53 R3 MA-4

FedRAMP (Final 2012) Moderate Impact:
NIST SP 800-53 R3 AC-17
NIST SP 800-53 R3 AC-17 (1)
NIST SP 800-53 R3 AC-17 (2)
NIST SP 800-53 R3 AC-17 (3)
NIST SP 800-53 R3 AC-17 (4)
NIST SP 800-53 R3 AC-17 (5)
NIST SP 800-53 R3 AC-17 (7)
NIST SP 800-53 R3 AC-17 (8)
NIST SP 800-53 R3 AC-20
NIST SP 800-53 R3 AC-20 (1)
NIST SP 800-53 R3 AC-20 (2)
NIST SP 800-53 R3 IA-1
NIST SP 800-53 R3 IA-2
NIST SP 800-53 R3 IA-2 (1)
NIST SP 800-53 R3 IA-2 (2)
NIST SP 800-53 R3 IA-2 (3)
NIST SP 800-53 R3 IA-2 (8)
NIST SP 800-53 R3 MA-4
NIST SP 800-53 R3 MA-4 (1)
NIST SP 800-53 R3 MA-4 (2)

PCI DSS v2.0: 8.3

BITS Shared Assessments SIG v6.0: H.1.1, G.9.13, G.9.20, G.9.21
BITS Shared Assessments SIG v5.0: B.1
GAPP (Aug 2009): 8.2.2

Jericho Forum: Commandment #6, Commandment #7, Commandment #8
NERC CIP: CIP-004-3 R3.1

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-07.1

Is multi-factor authentication required for all remote user access?

Compliance Mapping

COBIT: -
HIPAA: -
ISO27001: A.11.1.1, A.11.4.1, A.11.4.2, A.11.4.6, A.11.7.1
SP800_53: NIST SP800-53 R3 AC-17, NIST SP800-53 R3 AC-20, NIST SP800-53 R3 IA-1, NIST SP800-53 R3 IA-2, NIST SP800-53 R3 MA-4
FedRAMP: -
PCI_DSS: PCI DSS v2.0 8.3
BITS: AUP v5.0 B.1; SIG v6.0: H.1.1, G.9.13, G.9.20, G.9.21
GAPP: GAPP Ref 8.2.2

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True