IAC-06
Multi-Factor Authentication (MFA)
Description
Automated mechanisms exist to enforce Multi-Factor Authentication (MFA) for: (1) Remote network access; (2) Third-party Technology Assets, Applications and/or Services (TAAS); and/ or (3) Non-console access to critical TAAS that store, transmit and/or process sensitive/regulated data.
Control Question
Does the organization use automated mechanisms to enforce Multi-Factor Authentication (MFA) for: (1) Remote network access; (2) Third-party Technology Assets, Applications and/or Services (TAAS); and/ or (3) Non-console access to critical TAAS that store, transmit and/or process sensitive/regulated data?
Control Metadata
Domain:
Identification & Authentication
Validation Cadence:
Quarterly
Framework Mappings
This control maps to the following compliance frameworks
MAS TRM
9.1.5
HKIA GL20
3.13.23.33.4