"A form of authentication that relies on two or more ""factors"" where a factor is ""something you have"" such as a smartcard, ""something you know"" such as a password or pin, and ""something you are"" such as a physical fingerprint or a behavioral keyboard cadence."
Cloud Controls Matrix (CCM) Data
Physical | Network | Compute | App | Data |
---|---|---|---|---|
False | True | True | True | True |
Corp Gov Relevance |
---|
False |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
Service Provider | Tenant / Consumer |
---|---|
True | True |
COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005 |
---|---|---|
A.11.1.1 |
NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0 |
---|---|---|---|
AC-17 | NIST SP 800-53 R3 AC-17 | NIST SP 800-53 R3 AC-17 | 8.3 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009) |
---|---|---|
H.1.1, G.9.13, G.9.20, G.9.21 | B.1 | 8.2.2 |
Jericho Forum | NERC CIP |
---|---|
Commandment #6 | CIP-004-3 R3.1 |
Consensus Assessments Initiative Questionnaire (CAIQ) Data
COBIT | HIPAA | ISO27001 | SP800_53 |
---|---|---|---|
A.11.1.1 | NIST SP800-53 R3 AC-17 |
FedRAMP | PCI_DSS | BITS | GAPP |
---|---|---|---|
PCI DSS v2.0 8.3 | AUP v5.0 B.1 SIG v6.0: H.1.1, G.9.13, G.9.20, G.9.21, | GAPP Ref 8.2.2 |
SaaS | PaaS | IaaS |
---|---|---|
True | True | True |
SP | CUST |
---|---|
True | True |